Technology NordVPN reveals server breach that could have let attacker monitor traffic
Popular VPN service NordVPN confirms data center breach
The hack happened in 2018 to a server in Finland.On Monday, the VPN company released details of a data breach from March 2018. An unauthorized user accessed a lone server in a Finland data center that NordVPN was renting from an unnamed provider, which apparently didn't disclose info about the hack. NordVPN says no username or passwords were intercepted.
NordVPN says one of its servers was breached in March 2018, exposing some of the browsing habits of customers who were using the VPN service to keep their data private. NordVPN says the server, located in Finland, did not contain activity logs, usernames, or passwords. But the attacker would have been able to see what websites users were visiting during that time, a company advisor said, although the content of the websites likely would have been hidden due to encryption.
Over the past couple years, NordVPN has become a lot more popular as it’s gone on a heavy advertising push. You’ll often hear NordVPN ads in the middle of podcasts, or find a YouTube host pausing to talk about how NordVPN can protect your privacy by masking your browsing habits. The company has positioned its product, which sends your traffic through servers in other cities or countries to mask your browsing habits, as an easy way to maintain your privacy online, but the server breach could detract from that promise for potential customers.
NordVPN admits to 'isolated' server breach in Finland
Virtual private network provider NordVPN has confirmed an attacker breached one of its servers, though the tangible impact of the breach seems to be pretty limited. There were no user activity logs on the server -- the company says it doesn't track, collect or share people's private data. There was also no way for the hacker to access usernames and passwords and nor could the attacker have decrypted VPN traffic to other servers. "The only"The only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com," the company wrote in a blog post.
“Potential attackers could have gotten only into that server and only intercept the traffic and seen what websites people are browsing — not the content, only the website — for a limited period of time, only in that isolated region,” Tom Okman, a member of NordVPN’s tech advisory board, told The Verge.
Okman says NordVPN usually changes the server each user is connected to every five minutes or so, but that users get to pick which country they are connecting through. That means users likely would have only been impacted for intermittent periods of time. The breach also could have only impacted users who were connecting through Finland, which is where the breached server was located.
Week in celebrity photos for Oct. 21-25, 2019
Week in celebrity photos for Oct. 21-25, 2019
Details of the breach started circulating over the weekend by security researchers. In a blog post this morning, NordVPN said it has known about the breach for “a few months,” but did not immediately disclose the problem because the company wanted to audit the rest of its systems. The flaw was limited to a single server, NordVPN says. The data center installed a remote access system on the server, without telling the VPN provider, and that system was insecure, allowing an outsider to gain access, according to the blog post.
The server was vulnerable between January 31st, 2018 and March 20th, 2018, but NordVPN believes it was only breached once, during March.
NordVPN says information taken from the server couldn’t have been used to decrypt traffic on any other server. It acknowledges that a stolen encryption key, which is now expired, could have been used to perform a man-in-the-middle attack, with the hacker disguising themselves as a NordVPN server. But NordVPN says such an attack would have to be “personalized and complicated” and apply to a single person at a time.
No other data centers were affected, NordVPN says, and it has cut ties with the company that maintained the flawed server.
Okman says the company doesn’t believe any information was taken, but that NordVPN will be informing its customers of the breach by email. “I would not call this a hack,” Okman said. “This is an isolated security breach — hack is too powerful a word in this case.”
Whatsapp: a vulnerability compromises the secrecy of
Cybersecurity researchers have revealed the details of a flaw discovered at Whatsapp. This allows an attacker to access the contents of secret and encrypted conversations of mail users.
The risk is however limited, because the attacker must, to access the discussions, integrate the group which it targets.A vulnerability discovered in July 2017
Like Telegram, it is one of the strengths of Whatsapp, and one of the components of its success: became in May last the most used in the world, the messaging, property of Facebook, willingly puts forward its famous encryption inviolable. Encryption has earned it pressure from several governments around the world, with many investigations stalling the company's refusal to cooperate with the law.
This is a serious blow that Whatsapp has to cash in these days: a team of researchers from the Ruhr University in Bochum (Germany) has just revealed the existence of a vulnerability discovered last July, and which allows to compromise the secret of conversations. A similar fault would also affect Signal and Threema mail, but to a lesser degree.The attacker never totally invisible
Technically, the flaw allows to take control of a server belonging to Whatsapp, and insert into any conversation group hosted on this server one or more new participants, without having to ask permission from the group administrator. And the maneuver is very easy, because Whatsapp has not provided any identification mechanism for invitations from its own servers.
Once integrated into the target group, the new member has access to the entire current conversation. But the messages exchanged before his arrival will remain inaccessible to him. The attacker, being master of the server, will also be able to block the notifications of the arrival of the intruder, and to erase at will the messages produced by the members of the group. Whatsapp is reassuring, recalling that two members will always be able to communicate online if they have a doubt about a new guest, and that an intruder will never be totally invisible.
NordVPN user accounts compromised and passwords exposed, report says .
Users' email addresses and plain-text passwords were posted to online forums, Ars Technica reports.Users' credentials, which contained email addresses, plain-text passwords and expiration dates associated with user accounts, were posted on online forums like Pastebin, according to Ars Technica. The publication polled a small sample of users from a list of 753 credentials and found that passwords for all but one were still being used. Several people reportedly said their accounts were accessed by unauthorized people.