
Windows 7: NordVPN network hacked by third party provider breach

4 Weeks Ago   #1

64-bit Windows 10 Pro
NordVPN network hacked by third party provider breach

We understand the security concerns that arose from the information found online by security researchers and will address them in detail here.

A few months ago, we became aware that, in March 2018, one of the datacenters in Finland we had been renting our servers from was accessed with no authorization. The attacker gained access to the server by exploiting an insecure remote management system left by the datacenter provider while we were unaware that such a system existed. The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either. The exact configuration file found on the internet by security researchers ceased to exist on March 5, 2018. This was an isolated case, and no other datacenter providers we use have been affected.

Once we found out about the incident, we immediately launched a thorough internal audit to check our entire infrastructure. We double-checked that no other server could possibly be exploited this way and started creating a process to move all of our servers to RAM, which is to be completed next year. We have also raised the bar for all datacenters we work with. Now, before signing up with them, we make sure that they meet even higher standards.

When we learned about the vulnerability the datacenter had a few months back, we immediately terminated the contract with the server provider and shredded all the servers we had been renting from them. We did not disclose the exploit immediately because we had to make sure that none of our infrastructure could be prone to similar issues. This couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure.

The timeline is as follows: the affected server was built and added to our server list on January 31, 2018. The data center noticed the vulnerability they had left and deleted the remote management account without notifying us on March 20, 2018. Our techs found that the server provider had had the undisclosed account a few months ago. We then immediately took action to audit our entire server network and accelerated the encryption of all of our servers.

The expired TLS key was taken at the same time the datacenter was exploited. However, the key couldn’t possibly have been used to decrypt the VPN traffic of any other server. On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access

To recap, in early 2018, one isolated datacenter in Finland was accessed without authorization. That was done by exploiting a vulnerability of one of our server providers that hadn’t been disclosed to us. No user credentials have been intercepted. No other server on our network has been affected. The affected server does not exist anymore and the contract with the server provider has been terminated.

Even though only 1 of more than 3000 servers we had at the time was affected, we are not trying to undermine the severity of the issue. We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers. We are taking all the necessary means to enhance our security. We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program. We will give our all to maximize the security of every aspect of our service, and next year we will launch an independent external audit of all of our infrastructure to make sure we did not miss anything else.

With this incident, we learned important lessons about security, communication, and marketing.

Source: Why the NordVPN network is safe after a third-party provider breach | NordVPN

See also: NordVPN confirms it was hacked – TechCrunch

3 Weeks Ago   #2
F22 Simpilot

Windows 7 Ultimate x64

Not very good for their clientele. I'm sure people will be canceling their subscription. I don't even think Nord or even PIA is a non-Five Eyes jurisdiction VPN. And to make matters worse they probably allow port forwarding.

Many people gravitate towards these two companies and I just shake my head. Plus, they don't understand that even though you use a VPN, you have to make sure it supports its own DNS and you have WebRTC off, etc. in your browser. I wrote all about this on my own forum and I do use a pretty decent VPN. Two in fact.