NordVPN reveals data centre breach

Attacker infiltrated server at Finland data centre

Popular virtual private network service NordVPN confirmed one of its rented data centre servers suffered a breach in March 2018.

In an announcement posted on the company’s website Monday, the VPN provider revealed the attacker accessed the server at a Finland data centre by exploiting the data centre provider’s remote management system, which the company was unaware existed.

NordVPN, which deals with highly sensitive and private activity logs, was quick to reassure its 12 million customers:

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” the company wrote.

The company stressed the affected server was an isolated case and that no other data centre providers it uses have been affected. At the time, NordVPN was renting 3000 servers from a range of data centres worldwide.

Following the breach, the company said it launched a thorough audit of its infrastructure to double-check that no other server could be exploited in the same fashion, and said it now ensures data centre providers meet higher standards.

Although it took NordVPN over a year to publicly disclose the breach, the VPN provider immediately terminated the contract with the data centre and shredded all the servers rented from them.

“We did not disclose the exploit immediately because we had to make sure that none of our infrastructure could be prone to similar issues. This couldn’t be done quickly due to the huge number of servers and the complexity of our infrastructure,” the company explained.

“Even though only 1 of more than 3000 servers we had at the time was affected, we are not trying to undermine the severity of the issue. We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers. We are taking all the necessary means to enhance our security.”