NordVPN Server Breach May Have Enabled Attacker to Monitor Traffic

According to the company, one of their servers was breached in March 2018.
Fabienne Lang
Computer locked down Grindi/iStock

When you use a VPN, you tend to believe your browsing information is secure and private. It usually is; however, when a server is breached, that information becomes available to the attacker.

This happened to some of NordVPN's customers back in March 2018. The company stated that they've known about this information 'for a few months now'. 

The server was located in Finland and did not contain any activity logs, usernames, or passwords. However, the attacker will have been able to view the websites the users were browsing during this time.



Growing in popularity, NordVPN has been making a name for itself in the VPN world. After going through a massive advertising push, users have been flocking to use the company. 

What NordVPN offers, like any other VPN company, is access to the internet via servers based in other countries. It also offers its customers privacy protection by hiding their browsing history.

However, with this server breach, the company's promise of privacy protection is a little skewed. 

The Verge reported that Tom Okman, a member of NordVPN's tech advisory board, said "potential attackers could have gotten only into that server and only intercept the traffic and seen what websites people are browsing — not the content, only the website — for a limited period of time, only in that isolated region."

Okman also stated that NordVPN switches the server that each customer is connected to every five minutes, and that the users could select which country they wanted to operate from. 

This means that users would have only been impacted for a few minutes at a time. Furthermore, as this particular breached server was based in Finland, only users connected to the Finnish server would have been impacted. 


Security researchers noted the breach this past weekend, and NordVPN was fast to respond in a blog post, in which they shared that they knew about the server breach "a few months ago".

The company said they did not disclose the information to the public as they were auditing other systems.

According to NordVPN, only the one server was breached. The issue happened because a datacenter installed a remote access system on the server without informing the VPN provider. This system ended up being insecure, which enabled an outsider to gain access.

The server was vulnerable between January and March 2018; however, it was only breached in March of that year.

According to NordVPN, no other datacenters were affected, and they have since stopped working with the company that had the flawed server. 

When describing the situation, Okman said, "I would not call this a hack. This is an isolated security breach — hack is too powerful a word in this case."
