NordVPN suffers from unauthorised access to a data centre
NordVPN, a VPN provider, has confirmed that it suffered a cyber attack in March 2018 that gained unauthorized access to one of the data centers of a provider in Finland where its service was deployed, having seen compromised configuration files, certificates and three private keys.
The attacker exploited a vulnerability of the server provider and intercepted the user credentials, although NordVPN claims that the affected server did not contain sensitive information.
The incident has also affected other providers using the same data center, such as VikingVPN and TorGuard. TorGuard has issued a statement explaining that it has not been affected, as its primary CA key was stored outside the compromised server.
- 21/10/2019 nordvpn.com Why the NordVPN network is safe after a third-party provider breach
- 21/10/2019 torguard.net Why TorGuard’s Network is Secure After an Isolated 2017 Server Breach
- 21/10/2019 techcrunch.com NordVPN confirms it was hacked
- 21/10/2019 genbeta.com NordVPN confirma un ataque que accedió a uno de sus centros de datos, aunque "no afectó a los usuarios"
- 22/10/2019 unaaldia.hispasec.com Brecha de seguridad en NordVPN y TorGuard VPN