{"id":453,"date":"2019-10-22T11:22:20","date_gmt":"2019-10-22T11:22:20","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=453"},"modified":"2019-10-22T11:22:20","modified_gmt":"2019-10-22T11:22:20","slug":"nordvpn-hacked","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/","title":{"rendered":"NordVPN Hacked &#8211; Hackers Gained Access to Server and have Taken TLS key"},"content":{"rendered":"\n<p>NordVPN was hacked: hackers gained access to the server by exploiting a flaw in a remote management system provided by the Finland-based datacenter.<\/p>\n\n\n\n<p class=\"has-background has-very-light-gray-background-color\">According to NordVPN&#8217;s report, the breach was discovered in March 2018; hackers gained access to servers through a remote management system that could be accessed with no authorization.<\/p>\n\n\n\n<p>Once the breach was discovered, the company launched an internal audit to check the entire infrastructure and to double-check that no other servers had been compromised in the same way.<\/p>\n\n\n\n<p>A NordVPN spokesperson said, &#8220;We started creating a process to move all of our servers to RAM, which is to be completed next year. We have also raised the bar for all datacenters we work with. 
Now, before signing up with them, we make sure that they meet even higher standards.&#8221;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Expired TLS key<\/strong><\/h2>\n\n\n\n<p>The breach was discovered on March 20, 2018, and the <a href=\"https:\/\/cybersecuritynews.com\/vpn-and-proxy\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"VPN (opens in a new tab)\">VPN<\/a> giant disclosed the issue only after checking that other server locations were not vulnerable to such issues.<\/p>\n\n\n\n<p class=\"has-background has-very-light-gray-background-color\">The affected server was built on January 31, 2018. NordVPN said that the &#8220;data center noticed the vulnerability they had left and deleted the remote management account without notifying us on March 20, 2018. Our techs found that the server provider had had the undisclosed account a few months ago.&#8221;<\/p>\n\n\n\n<p>Researchers found that expired NordVPN public keys had been leaked.<\/p>\n\n\n\n<figure class=\"wp-block-embed-twitter aligncenter wp-block-embed is-type-rich is-provider-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">So apparently NordVPN was compromised at some point. 
Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys&#8230; <a href=\"https:\/\/t.co\/TOap6NyvNy\">pic.twitter.com\/TOap6NyvNy<\/a><\/p>&mdash; undefined (@hexdefined) <a href=\"https:\/\/twitter.com\/hexdefined\/status\/1185864801261477891?ref_src=twsrc%5Etfw\">October 20, 2019<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>Attackers took the expired TLS key from the server, but &#8220;the key couldn\u2019t possibly have been used to decrypt the VPN traffic of any other server,&#8221; NordVPN <a href=\"https:\/\/nordvpn.com\/blog\/official-response-datacenter-breach\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"said (opens in a new tab)\">said<\/a>.<\/p>\n\n\n\n<p class=\"has-background has-very-light-gray-background-color\">The company also confirms that the affected server doesn&#8217;t have any user activity logs and that no applications send credentials to the server for authentication, so neither credentials nor other servers are affected.<\/p>\n\n\n\n<p>&#8220;When we learned about the vulnerability the datacenter had a few months back, we immediately terminated the contract with the server provider and shredded all the servers we had been renting from them.&#8221;<\/p>\n\n\n\n<p>According to W3Techs&#8217;s report, more than 55% of websites use HTTPS. With the VPN encryption key, attackers can decrypt only the extra layer of protection; it is not possible to decrypt the HTTPS traffic.<\/p>\n\n\n\n<p>&#8220;On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access.&#8221;<\/p>\n\n\n\n<p>NordVPN said that the company was preparing a bug bounty program to maximize security across all the services.<\/p>\n\n\n\n<figure class=\"wp-block-embed-twitter wp-block-embed is-type-rich 
is-provider-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/t.co\/maZBOR6FVD\">https:\/\/t.co\/maZBOR6FVD<\/a> is the source. Also includes some hacks of VikingVPN and TorGuard. VikingVPN also wasn&#39;t practicing secure PKI management. TorGuard was though. The last link in that post appears to be 8chan itself, which had a .bash_history exposed.<\/p>&mdash; \u200d \u200d\u200d\u200d\u14ed cryptostorm \u14ef (@cryptostorm_is) <a href=\"https:\/\/twitter.com\/cryptostorm_is\/status\/1186097950327476224?ref_src=twsrc%5Etfw\">October 21, 2019<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>Other VPN providers, such as VikingVPN and TorGuard, likely also suffered a breach last year.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>NordVPN hacked, hackers gained access to the server by exploiting a flaw in remote management system provided by the Finland based datacenter. According to NordVPN report, the breach was learned in March 2018, hackers gained access to servers through a remote management system that can be accessed with no authorization. 
Once the breach was learned, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,9,52],"tags":[144,283,416],"class_list":{"0":"post-453","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-cyber-security-news","7":"category-cyber-attack","8":"category-vpn","9":"tag-cyber-attack","10":"tag-nordvpn-hacked","11":"tag-vulnerability"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>NordVPN Hacked - Hackers Gained Access to Server<\/title>\n<meta name=\"description\" content=\"NordVPN hacked, hackers gained access to the server by exploiting a flaw in remote management system provided by the Finland based datacenter.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NordVPN Hacked - Hackers Gained Access to Server and have Taken TLS key\" \/>\n<meta property=\"og:description\" content=\"NordVPN hacked, hackers gained access to the server by exploiting a flaw in remote management system provided by the Finland based datacenter.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/guruba008\" \/>\n<meta 
property=\"article:published_time\" content=\"2019-10-22T11:22:20+00:00\" \/>\n<meta name=\"author\" content=\"Guru Baran\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@guruba008\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Guru Baran\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NordVPN Hacked - Hackers Gained Access to Server","description":"NordVPN hacked, hackers gained access to the server by exploiting a flaw in remote management system provided by the Finland based datacenter.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/","og_locale":"en_US","og_type":"article","og_title":"NordVPN Hacked - Hackers Gained Access to Server and have Taken TLS key","og_description":"NordVPN hacked, hackers gained access to the server by exploiting a flaw in remote management system provided by the Finland based datacenter.","og_url":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_author":"https:\/\/www.facebook.com\/guruba008","article_published_time":"2019-10-22T11:22:20+00:00","author":"Guru Baran","twitter_card":"summary_large_image","twitter_creator":"@guruba008","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Guru Baran","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/"},"author":{"name":"Guru Baran","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/f7f138f8fd41a61bb60151da47730026"},"headline":"NordVPN Hacked &#8211; Hackers Gained Access to Server and have Taken TLS key","datePublished":"2019-10-22T11:22:20+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/"},"wordCount":448,"commentCount":0,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"keywords":["cyber attack","NordVPN hacked","vulnerability"],"articleSection":["Cyber Security News","Cyberattack News","VPN"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cybersecuritynews.com\/nordvpn-hacked\/#respond"]}],"copyrightYear":"2019","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/","url":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/","name":"NordVPN Hacked - Hackers Gained Access to Server","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"datePublished":"2019-10-22T11:22:20+00:00","description":"NordVPN hacked, hackers gained access to the server by exploiting a flaw in remote management system provided by the Finland based datacenter.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/nordvpn-hacked\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/nordvpn-hacked\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"NordVPN Hacked 
&#8211; Hackers Gained Access to Server and have Taken TLS key"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/f7f138f8fd41a61bb60151da47730026","name":"Guru Baran","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/72f86da0bb72b6886d25f0ef0c881daba3a98356bc44f916f8d3a62c9e856579?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72f86da0bb72b6886d25f0ef0c881daba3a98356bc44f916f8d3a62c9e856579?s=96&d=mm&r=g","caption":"Guru Baran"},"description":"Gurubaran is the Co-Founder and Editor-in-Chief of 
CyberSecurityNews.com, specializing in vulnerability analysis, malware research, ransomware, and computer forensics.","sameAs":["https:\/\/cybersecuritynews.com","https:\/\/www.facebook.com\/guruba008","https:\/\/www.linkedin.com\/in\/gurubaran-cyberwrites\/","https:\/\/x.com\/guruba008"],"url":"https:\/\/cybersecuritynews.com\/author\/guru\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/453","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=453"}],"version-history":[{"count":0,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/453\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=453"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=453"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=453"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}