Extending the list of firms suffering a breach, now joins NordVPN. However, they didn’t suffer any ‘direct’ security breach, rather the incident occurred due to lax administration within a third party endpoint datacenter in Finland.
NordVPN Endured Server Breach
NordVPN have confirmed a data breach that indirectly involved the firm. The incident occurred with a datacenter in Finland.
As elaborated in a recent post, they found unauthorized access to a vulnerable server with one of their datacenter’s in March 2018.
The attacker gained access to the server by exploiting an insecure remote management system left by the datacenter provider while we were unaware that such a system existed.
the timeline of the events, the firm elaborated that the relevant datacenter noticed a flaw. Then, without notifying NordVPN, the data center deleted the remote management account in March 2018. NordVPN also learned of an expired private key. However, they assured that the key couldn’t have been used to decrypt the VPN traffic of other servers.
Since the affected server had no specific information, the overall data remained unaffected during the security breach.
The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.
What Did NordVPN Do Later?
Upon discovering the matter, NordVPN terminated the contract with the relevant datacenter.
Furthermore, despite discovering the incident earlier, they took some time for the disclosure to ensure the security of other servers.
They also elevated their security policies for all datacenters. Now, they only collaborate with the ones which meet their requirements.
Once we found out about the incident, we immediately launched a thorough internal audit to check our entire infrastructure… We have also raised the bar for all datacenters we work with. Now, before signing up with them, we make sure that they meet even higher standards.
In addition to all their security measures, NordVPN has announced they will implement a bug bounty program. Perhaps, this will help them further in strengthening their security.
Let us know your thoughts in the comments.