“Best VPN Provider” NordVPN Confirms It Was Hacked in 2018

The FPS Review may receive a commission if you purchase something after clicking a link in this article.

One of the world’s most popular virtual private network providers has admitted it suffered a breach last year. NordVPN’s motto is to “protect your privacy online” and claims a “zero logs” policy, but subscribers are worried the hack may have compromised user data.

A spokesperson said one of its data centers in Finland was accessed without authorization back in March 2018. The attacker got in by “by exploiting an insecure remote management system left by the data center provider,” which NordVPN didn’t know existed.

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said the spokesperson. “On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”


Tsing Mui
Tsing has been writing the news for over 5 years, first at [H]ard|OCP and now at The FPS Review. He has a background in journalism and makes sure to give his readers the relevant context to why each news post matters.

Recent News