Why the NordVPN network is safe

Why the NordVPN network is safe

Wednesday 23 October 2019

Why the NordVPN network is safe after a third-party provider breach.

Information has recently surfaced about a NordVPN breach caused by vulnerabilities in a third-party datacenter. Here are the key facts about the NordVPN breach situation:

  • One server was affected in March 2018 in Finland. The rest of our service was not affected. No other servers of any type were put at risk. This was an attack on our server, not our entire service.
  • The breach was made possible by poor configuration on a third-party datacenter’s part that we were never notified of. Evidence suggests that when the datacenter became aware of the intrusion, they deleted the accounts that had caused the vulnerabilities rather than notify us of their mistake. As soon as we learned of the breach, the server and our contract with the provider were terminated and we began an extensive audit of our service.
  • No user credentials were affected.
  • There are no signs that the intruder attempted to monitor user traffic in any way. Even if they had, they would not have had access to those users’ credentials.
  • The attacker did acquire TLS keys that, under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack that we detail further below. These keys could not and cannot be used to decrypt any encrypted NordVPN traffic in any form.
  • Two other VPN providers were impacted in attacks published by the same intruder. We do not believe that this was a targeted attack against NordVPN.
  • The incident effectively showed that the affected server did not contain any user activity logs. To prevent any similar incidents, among other means, we encrypt the hard disk of each new server we build. The security of our customers is the highest priority to us and we will continue to raise our standards further and further.

— NordVPN


Anonymous Shop

One-of-a-Kind Products. Unique designs on trendy gear you simply can’t get anywhere else. Powered by Pros. Spreadshirt prints and ships your order fast and on-demand.

NordVPN, shield your browsing from hackers and surveillance.

Protect all your devices.

2-Year Plan | Discount -72%
Anonymous Shop

One-of-a-Kind Products. Unique designs on trendy gear you simply can’t get anywhere else. Powered by Pros. Spreadshirt prints and ships your order fast and on-demand.

NordVPN, shield your browsing from hackers and surveillance.

Protect all your devices.

2-Year Plan | Discount -72%

Keywords

Privacy VPN

Translation

Security Alert: Sextortion is on the rise

Security Alert: Sextortion is on the rise

Security Alert: Lucrative Scam of Sextortion Is on the Rise. January 21, 2019. The latest report from cybersecurity company Symantec shows that (...)


Riseup Letters: Who are you really?

Riseup Letters: Who are you really?

Here is a common question we are asked: I was wondering, how can I know that Riseup is trustworthy? Something like riseup.net could be the (...)


Tor Guide - Freedom & Privacy Online

Tor Guide - Freedom & Privacy Online

Tor Powering Digital Resistance. Tor “The Onion Router” protects your privacy. The landscape of the Internet is in a constant state of change, and (...)


Three challenges for the web, according to its inventor

Three challenges for the web, according to its inventor

Today is the world wide web’s 28th birthday. Here’s a message from our founder and web inventor Sir Tim Berners-Lee on how the web has evolved, (...)


Alert - Riseup financial update

Alert - Riseup financial update

Riseup financial update - The news is not good. Riseup provides online communication tools for people and groups working on liberatory social (...)


With Love and Hope, The Riseup Collective

With Love and Hope, The Riseup Collective

There is a war being fought over your communication. One side wants control, so they can profit from and watch everything you say and do online. (...)


WikiLeaks

Submit documents to WikiLeaks

WikiLeaks publishes documents of political or historical importance that are censored or otherwise suppressed.


/e/ Foundation
eFoundation is a non-profit organization leading the development of Open Source mobile operating systems that respect users’ data privacy.

Tor Browser
Tor Browser
Tor protects your privacy

NordVPN
Protect all your devices.
2-Year Plan | Discount -72%