Technology: NordVPN admits to 'isolated' server breach in Finland - Winter and summer: on the Gulf of Finland, all-weather surfing - PressFrom - US
  •   
  •   
  •   

Technology NordVPN admits to 'isolated' server breach in Finland

20:10  21 october  2019
20:10  21 october  2019 Source:   engadget.com

Popular VPN service NordVPN confirms data center breach

  Popular VPN service NordVPN confirms data center breach The hack happened in 2018 to a server in Finland.On Monday, the VPN company released details of a data breach from March 2018. An unauthorized user accessed a lone server in a Finland data center that NordVPN was renting from an unnamed provider, which apparently didn't disclose info about the hack. NordVPN says no username or passwords were intercepted.

Virtual private network provider NordVPN has confirmed an attacker breached one of its servers , though the tangible impact of the breach seems to be The incident took place in March 2018, when an unauthorized person accessed a server NordVPN rented from a third-party data center in Finland .

Laura Tyrell, a spokesperson for NordVPN , told the publication that “One of the datacenters in Finland we are renting our servers from was accessed with no authorization.” While NordVPN has a “zero log” policy that was recently independently audited, one may question the motives of the hacker or hackers.

Virtual private network provider NordVPN has confirmed an attacker breached one of its servers, though the tangible impact of the breach seems to be pretty limited. There were no user activity logs on the server -- the company says it doesn't track, collect or share people's private data. There was also no way for the hacker to access usernames and passwords and nor could the attacker have decrypted VPN traffic to other servers.

  NordVPN admits to 'isolated' server breach in Finland

"The only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com," the company wrote in a blog post.

Week in celebrity photos for Oct. 21-25, 2019

  Week in celebrity photos for Oct. 21-25, 2019 Week in celebrity photos for Oct. 21-25, 2019

NordVPN , a virtual private network provider that promises to “protect your privacy online,” has “One of the datacenters in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson NordVPN said it found out about the breach a “few months ago,” but

How many NordVPN servers are there? While the quality of the servers is more important than the quantity, there is a point at which the competition simply loses due to numbers. Naturally, VPN providers are reluctant to admit using virtual servers , but some state that they have only physical ones.

The incident took place in March 2018, when an unauthorized person accessed a server NordVPN rented from a third-party data center in Finland. They exploited an "insecure remote management system" that the data center provider left in place. NordVPN wasn't aware that such a system existed.

The affected server was added to NordVPN's server list on January 31st that year. The provider detected the vulnerability and removed the remote management account on March 20th without informing NordVPN.

The company learned of the incident a few months ago and right away ended its contract with the data center provider and scrubbed all the data it had on the rented servers. It didn't disclose the breach immediately because it had to audit the rest of its infrastructure to ensure similar issues wouldn't occur elsewhere. It also "accelerated the encryption of all of our servers." That took some time because of its complex infrastructure and the more than 3,000 servers it uses.

NordVPN reveals server breach that could have let attacker monitor traffic

  NordVPN reveals server breach that could have let attacker monitor traffic A server in Finland was breached last year.Over the past couple years, NordVPN has become a lot more popular as it’s gone on a heavy advertising push. You’ll often hear NordVPN ads in the middle of podcasts, or find a YouTube host pausing to talk about how NordVPN can protect your privacy by masking your browsing habits. The company has positioned its product, which sends your traffic through servers in other cities or countries to mask your browsing habits, as an easy way to maintain your privacy online, but the server breach could detract from that promise for potential customers.

NordVPN is one of the best providers. It provides the ability to connect to various remote VPN servers . NordVPN began to use the US-based proxy service for the more convenient development of applications, as well as for the rapid processing of payments.

IMPORTANT: NordVPN provides Obfuscated Servers only for its OpenVPN apps on Windows, macOS, Linux, and Android. Currently, this feature is not available on the iOS app for your iPhone or iPad – you’ll need to manually configure the OpenVPN or L2TP protocol with specific settings.

The issue didn't affect any of NordVPN's other servers or data centers. It says it will require providers it works with to meet higher security standards. It's also moving all of its servers to RAM, a process that should be completed next year.

While the breach doesn't seem to have had a significant impact on user privacy, it's not a great look for a company that touts itself as offering "secure and private access to the internet." As such, NordVPN is doubling down on security. "We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program," it wrote in the post. "[Next] year we will launch an independent external audit all of our infrastructure to make sure we did not miss anything else."

NordVPN

NordVPN user accounts compromised and passwords exposed, report says .
Users' email addresses and plain-text passwords were posted to online forums, Ars Technica reports.Users' credentials, which contained email addresses, plain-text passwords and expiration dates associated with user accounts, were posted on online forums like Pastebin, according to Ars Technica. The publication polled a small sample of users from a list of 753 credentials and found that passwords for all but one were still being used. Several people reportedly said their accounts were accessed by unauthorized people.

—   Share news in the SOC. Networks
usr: 6
This is interesting!