“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” the company said in an official statement.

NordVPN didn’t name the data center provider but said that it terminated its contract with the server provider and shredded all of the servers it had been renting from them. NordVPN said it found out about the breach a few months ago, yet waited to disclose the incident to ensure that the rest of its infrastructure was secure.

Over the weekend, security researchers discovered that NordVPN had an expired private key exposed, which would allow anyone to set up a server imitating NordVPN. According to NordVPN, the TLS key was taken at the same time the data center was exploited. “However, the key couldn’t possibly have been used to decrypt the VPN traffic of any other server. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”