Hacker News
NordVPN what happened?
On 19 October a tweet on NordVPN official account said ” Ain’t no hacker can steal your online life. (If you use VPN). Stay safe ” that immediately got the attention of cybersecurity community. Some call it a lie, some made jokes about it. Later on the tweet was taken down.
WHAT HAPPENED:
NordVPN told TechCrunch that one of its data centers was accessed in March 2018.
“One of the data centers in Finland we are renting our servers from was accessed with no authorization,”
said NordVPN spokesperson Laura Tyrell.
The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.
Official response regarding the breach of one of our datacenters.
— NordVPN (@NordVPN) October 21, 2019
1/3 In response to the TechCrunch article: a server was hacked, the service was not.
None of the information available on one server can be used to decrypt the traffic of any other.— NordVPN (@NordVPN) October 21, 2019
The company issued a statement
To recap, in early 2018, one isolated datacenter in Finland was accessed without authorization. That was done by exploiting a vulnerability of one of our server providers that hadn’t been disclosed to us. No user credentials have been intercepted. No other server on our network has been affected. The affected server does not exist anymore and the contract with the server provider has been terminated.
