When news broke that a NordVPN server had been hacked, people around the world were shocked, because NordVPN has always been trusted as one of the safest VPN services in the world. As a matter of fact, NordVPN offers multiple features that ensure high security to its users.
NordVPN confirmed that one of their servers was hacked but denied that it was their fault. It happened because of the negligence of a third-party company in Finland from which NordVPN had been leasing the server. NordVPN chose not to reveal the name of that company.
Was NordVPN Actually Hacked?
On 21st October 2019, NordVPN announced that one of their servers had been hacked in March 2018. NordVPN said the disclosure was late because they first wanted to confirm the issue completely. They further explained that only one server in Finland was hacked, and that this was because the datacenter had installed a remote access system on the server without informing NordVPN.
The affected server was brought online on January 31st, 2018. Evidence of the breach appeared in public on March 5th, 2018. The possibility of unauthorized access to the NordVPN server was restricted when the data center deleted the undisclosed management account on March 20th, 2018. The server was cut off on April 13, 2019, the moment NordVPN suspected a possible breach.
How Bad Was This Breach?
In March 2018, a hacker managed to get access to one of NordVPN’s servers in Finland. The hacker used a remote access feature that was left in place on the server. That server was managed by a third-party company and leased by NordVPN.
The hacker was able to obtain the Transport Layer Security key that is used to verify that a site is actually run by NordVPN. The server company was negligent and didn’t manage its remote access tools well, which made it easy for the hacker to get access to the server. The hacker then got access to some user data as well. The hacker attempted a complicated man-in-the-middle attack to abuse the website traffic.
However, NordVPN said that none of their other servers were affected. They also claimed that not many of their users were affected, and that they were going to enhance their security features to prevent an event like this from happening in the future.
Why Is NordVPN Still Trustworthy After the Hacking Incident?
NordVPN has been trusted by many people for several years. It is known for its security features. Recently, they faced a setback because one of their servers had been hacked. However, NordVPN is still trustworthy because the rest of their servers were not affected and it wasn’t at all NordVPN’s fault that one of their servers got hacked. It was rather the data center’s fault.
NordVPN also stated that there was no evidence that any of their customers were affected or that their data was accessed by the trespasser. While connected to the server, the hacker could only see what an ordinary ISP would see, which means that the hacker was not able to get any personal information of any user.
The intruder managed to gain access to a single server NordVPN had rented from a Finnish data center. The server itself did not contain any user activity logs. None of their applications sent user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted.
After that, NordVPN stated that their service as a whole was not hacked; their code was not hacked and the VPN tunnel was not breached. The NordVPN applications were unaffected. It was an instance of unauthorized access to 1 of more than 5000 servers they had. NordVPN further clarified that the hacker had managed to access that server because of the mistakes made by the data center owner, of which NordVPN was not aware. As soon as they found out about the issue, they ceased the relationship with this particular data center and shredded the server.
The media discovered that it was not a targeted attack against NordVPN; at least two other VPN services were affected. There’s a chance that other services that rented servers from that data center could have been affected as well.
To prevent any similar incidents, among other means, NordVPN encrypts the hard disk of each new server that they build. The security of their customers is the highest priority to them and they promised to raise the standards even more after the incident.
NordVPN treats VPN servers as untrusted in the rest of their infrastructure. It is not possible to get access to other VPN servers, the user’s database or any other server from a compromised VPN server. It is not possible to decrypt any ongoing or recorded VPN session even if someone obtained private keys from the VPN server. Perfect Forward Secrecy (with Diffie-Hellman key exchange algorithm) is in use. Keys from the VPN server are used only to authenticate the server and not for encryption.
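The difference between a long-term key that encrypts and one that only authenticates can be shown in a few lines. This is an added example, not NordVPN's code: the parameters are toy-sized, textbook RSA stands in for the server's long-term key, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters constructed for illustration; not vetted or secure sizes.
P, G = 2**521 - 1, 3                                  # DH modulus (Mersenne prime) and base
RSA_N = (2**89 - 1) * (2**107 - 1)                    # product of two Mersenne primes
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (2**89 - 2) * (2**107 - 2))    # server's long-term private key


def kdf(secret: int) -> bytes:
    """Derive a 32-byte session key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(66, "big")).digest()


def digest_int(value: int) -> int:
    return int.from_bytes(hashlib.sha256(value.to_bytes(66, "big")).digest(), "big") % RSA_N


def static_key_transport():
    """No forward secrecy: the session secret is encrypted to the long-term key."""
    secret = secrets.randbelow(RSA_N - 2) + 2
    return kdf(secret), {"encrypted_secret": pow(secret, RSA_E, RSA_N)}


def ephemeral_dh():
    """Forward secrecy: the long-term key only signs the server's ephemeral share."""
    a = secrets.randbelow(P - 3) + 2      # client exponent, discarded on return
    b = secrets.randbelow(P - 3) + 2      # server exponent, discarded on return
    client_share, server_share = pow(G, a, P), pow(G, b, P)
    signature = pow(digest_int(server_share), RSA_D, RSA_N)
    transcript = {"client_share": client_share, "server_share": server_share,
                  "signature": signature}
    return kdf(pow(server_share, a, P)), transcript


def signature_valid(transcript: dict) -> bool:
    expected = digest_int(transcript["server_share"])
    return pow(transcript["signature"], RSA_E, RSA_N) == expected


def recover_with_stolen_key(transcript: dict, stolen_d: int):
    """What a recorded transcript plus the long-term private key yields."""
    if "encrypted_secret" in transcript:
        return kdf(pow(transcript["encrypted_secret"], stolen_d, RSA_N))
    # Only public DH shares and a signature were recorded; the session key
    # needs a deleted exponent (a or b), which the long-term key does not reveal.
    return None
```

The long-term key still matters after a theft: until it is revoked it can sign new shares, which is why a stolen server key is an impersonation risk for future connections rather than a decryption risk for recorded ones.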
Why Is NordVPN Worth It?
NordVPN was established in 2012. Since its launch, it has gained popularity, and despite the incident described above it is one of the most trusted VPNs today and continues to be one of the best names in the VPN industry. Word has it that it is an amazing choice when you want a VPN that you can trust blindfolded.
NordVPN ensures a feature-rich service. Military-grade encryption, no logs policy, P2P sharing, fast speed, automatic kill switch and DNS leak protection are some of its best features. It is especially great for video streaming because it is very fast.
NordVPN has desktop applications for macOS, Windows, and Linux. Mobile apps are available for iOS and Android. For wireless routers and NAS devices, a manual setup is available. They have 5569 servers in 60 countries, which is quite a lot.