12.5 C
New York
Thursday, May 28, 2020
Home News NordVPN confirms an attacker breached a rented Finland server

NordVPN confirms an attacker breached a rented Finland server

NordVPN confirmed on Monday that an attacker breached a server it rented from a Finland-based data center. The company, which described the event as an attack rather than a more-common hack, says the breach took place in March 2018, but the attacker did not retrieve any customer information.

“The attacker gained access to the server by exploiting an insecure remote management system left by the data center provider while we were unaware that such a system existed,” the company reports. “The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.”

The server in question came online on January 31, 2018.  The unnamed company maintaining the data center allegedly discovered that its vulnerable remote management account remained on the rented server and deleted it on March 28, 2018, without informing NordVPN. The popular VPN provider supposedly didn’t even know this account existed until “a few months ago.”

A virtual private network, or VPN, creates a secure “tunnel” across the internet. These connections were originally intended for employees to remotely connect to company networks. But now VPN services are available to the masses for accessing region-restricted content and remaining anonymous online. Customers essentially connect to a remote server and use its connection to surf the internet, hiding their online address in the process.

Although your internet service provider can’t log your activity while using a VPN, there’s no guarantee VPN service providers themselves aren’t keeping track of your online travels. NordVPN states that it does not keep logs, however, including “connection timestamps, session information, used bandwidth, traffic data, IP addresses, or other data.”

NordVPN says it didn’t disclose the breach immediately due to its lengthy investigation across its entire infrastructure.

“We had to make sure that none of our infrastructure could be prone to similar issues,” the company reports. “This couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure.”

The security alert arrives after reports surfaced claiming attackers breached NordVPN and obtained an expired Transport Layer Security key. NordVPN says the attacker retrieved this key during the breach, but it cannot be used to decrypt VPN traffic on other servers. Instead,  the attacker could create a fake NordVPN server to redirect traffic and launch a man-in-the-middle-attack on a single connection.

NordVPN says more than 3,000 servers run its VPN service. In this situation, it contracted an “unreliable server provider,” and this was an “isolated case.” The company canceled its contract and “shredded” all servers rented through the unnamed supplier.

Latest

Woodley vs. Burns UFC Fight Night: When, where & how to watch

After several delays and a few fights in Florida, the UFC is returning to Las Vegas! The next UFC Fight

What keyboard app are you using in 2020?

Chatting with the AC forums.Your phone's virtual keyboard is one of the most important things you interact with every single

Google sued by Arizona over allegedly illegal location tracking

This isn't the first time Google is being sued over privacy concerns.What you need to knowGoogle has been sued by

Galaxy Note 20 could be Samsung’s first phone to come with a 5nm chipset

The Exynos 992 is rumored to be a significant upgrade over the current Exynos 990 and Snapdragon 865 chipsets.What you