NordVPN finally verifies that it was hacked

NordVPN Hacked
Should we rely on VPN services to keep our activities private? Are we really safe on the internet? Are VPN services trustworthy? These questions come to the mind when the safest service providers fail to give us the security and end up being hacked.


A large number of people have started using VPN services to keep their activities private, but a compromised VPN can be even worse for your anonymity.

NordVPN Breach

One of the leading VPN providers NordVPN has finally admitted that a hacker stole an expired TLS certificate key used to securely connect customers to the company’s web servers.

The keys were allegedly stolen and shared among many users in the darker corners of the internet. The attack happened in 2018 in March at the Finnish data centre of a service provider used by the company, exploiting a vulnerability in a remote management interface which NordVPN wasn’t told about.

While someone did access the server, NordVPN stresses that it does not save activity logs, user IDs, or other personal details. An unknown party had full remote control of the server for a period of time, and they could have used that to scoop up data from some users regardless of whether or not anything is stored on the server.

Now the question is, are NordVPN users compromised.

Based on all available evidence, the answer appears to be yes or no both. According to NordVPN, it is a no-logs VPN provider that does not store anything on its servers. So the hacker would not have any access to server logs. Same time we are unable to trust their statements. The breach is likely to cause alarm that hackers may have been in a position to access some user data.

NordVPN said, “no other server on our network has been affected.”

But the security researcher warned that NordVPN was ignoring the larger issue of the attacker’s possible access across the network. “Your car was just stolen and taken on a joy ride and you’re quibbling about which buttons were pushed on the radio?” the researcher said.

It is really a serious matter for all the VPN users. We trust VPN services and we fully rely on them for our security. They should take care of our privacy. Users shouldn’t be compromised at any cost.