One of the world’s most popular virtual private network providers has admitted it suffered a breach last year. NordVPN’s motto is to “protect your privacy online” and claims a “zero logs” policy, but subscribers are worried the hack may have compromised user data.
A spokesperson said one of its data centers in Finland was accessed without authorization back in March 2018. The attacker got in by “by exploiting an insecure remote management system left by the data center provider,” which NordVPN didn’t know existed.
“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said the spokesperson. “On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”