NordVPN Hacked – Hackers Gained Access to Server and Took TLS Key

NordVPN was hacked: attackers gained access to a server by exploiting a flaw in a remote management system provided by the Finland-based datacenter.

According to NordVPN's report, the breach was learned of in March 2018; hackers gained access to servers through a remote management system that could be accessed with no authorization.

Once the breach was learned of, the company launched an internal audit to check the entire infrastructure and to double-check that no other servers had been compromised in the same way.

A NordVPN spokesperson said, “We started creating a process to move all of our servers to RAM, which is to be completed next year. We have also raised the bar for all datacenters we work with. Now, before signing up with them, we make sure that they meet even higher standards.”

Expired TLS key

The breach was learned of on March 20, 2018, and the VPN giant disclosed the issue only after checking that other server locations were not vulnerable to such issues.

The affected server was built on January 31, 2018. NordVPN said that the “data center noticed the vulnerability they had left and deleted the remote management account without notifying us on March 20, 2018. Our techs found that the server provider had had the undisclosed account a few months ago.”

Researchers found that expired NordVPN public keys had been leaked.

Attackers took the expired TLS key from the server; “the key couldn’t possibly have been used to decrypt the VPN traffic of any other server,” NordVPN said.

The company also confirmed that the affected server did not hold any user activity logs and that no applications send credentials to the server for authentication, so no credentials or other servers were affected.

“When we learned about the vulnerability the datacenter had a few months back, we immediately terminated the contract with the server provider and shredded all the servers we had been renting from them.”

According to W3Techs’ report, more than 55% of websites use HTTPS. With the VPN encryption key, attackers could only decrypt that extra layer of protection; they could not decrypt the HTTPS traffic itself.

“On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access.”

NordVPN said that the company was preparing a bug bounty program to maximize security across all of its services.

Other VPN providers such as VikingVPN and TorGuard likely also suffered a breach last year.



Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
