NordVPN Hacked – Hackers Gained Access to Server and have Taken TLS key

NordVPN was hacked: attackers gained access to the server by exploiting a flaw in a remote management system provided by the Finland-based datacenter.

According to NordVPN's report, the breach was learned of in March 2018; the hackers gained access to servers through a remote management system that could be accessed with no authorization.

Once the breach was learned of, the company launched an internal audit to check the entire infrastructure and to double-check that no other servers had been compromised in the same way.

A NordVPN spokesperson said, “We started creating a process to move all of our servers to RAM, which is to be completed next year. We have also raised the bar for all datacenters we work with. Now, before signing up with them, we make sure that they meet even higher standards.”

Expired TLS key

The breach was learned of on March 20, 2018, and the VPN giant disclosed the issue only after checking that its other server locations were not vulnerable to such issues.

The affected server was built on January 31, 2018. NordVPN said that the datacenter “noticed the vulnerability they had left and deleted the remote management account without notifying us on March 20, 2018. Our techs found that the server provider had had the undisclosed account a few months ago.”

Researchers found that expired NordVPN public keys had been leaked.

Attackers took the expired TLS key from the server, “the key couldn’t possibly have been used to decrypt the VPN traffic of any other server,” NordVPN said.

The company also confirms that the affected server doesn’t have any user activity logs and that no applications send credentials to the server for authentication, so no credentials or other servers are affected.

“When we learned about the vulnerability the datacenter had a few months back, we immediately terminated the contract with the server provider and shredded all the servers we had been renting from them.”

According to W3Techs’ report, more than 55% of websites use HTTPS. With the VPN encryption key, attackers can only decrypt the extra layer of protection; it is not possible for them to decrypt the HTTPS traffic.

“On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access.”

NordVPN said that the company was preparing for a bug bounty program to maximize security among all the services.

Likewise, other VPN providers such as VikingVPN and TorGuard also suffered a breach last year.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
