Attackers gained access to the NordVPN servers back in 2018

NordVPN confirmed that attackers gained access to their servers in March 2018.

“The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider”, — reported in NordVPN.

Was compromised server with the remote control system left by the lessor of the Data center. NordVPN did not know about the existence of this system, they assured the company.

“No user activity logs were stored on the server itself; none of our applications sent user credentials for authentication, so logins and passwords could not be intercepted. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN”, — said VPN-service representatives.

NordVPN said it learned about the hacking “a few months ago,” but a company spokesman said it hadn’t been publicly reported until today because they wanted to be “100% sure that every component in the infrastructure is safe.”

Read also: Information security researcher publishes PoC exploit for critical vulnerability in Android

An anonymous cybersecurity specialist warned that NordVPN is ignoring a broader issue that is possible access by attackers to other company systems.

“Your car has just been hijacked and you argue which buttons he criminal pressed on the radio? ”They spent millions on ads, but apparently nothing on effective defensive security”, — noted anonymous TechCrunch respondent.

NordVPN was recently recommended by TechRadar and PCMag. CNET described it as its “favorite” VPN provider.