large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

NordVPN admits an “attacker gained access” to its server

VPN provider, NordVPN, has admitted that a hacker gained access to its server back in March. 

NordVPN provide a private network for users and many sign up for the service with security in mind. Its admission to a server breach is all the more surprising as a result.

There had been previous suspicions that the platform had been hacked in some way, however this admission will, no doubt, dent NordVPN’s reputation for security. The company has blamed a third party data centre, from whom the company rented servers.

Related: Best VPN

In a statement on its website, NordVPN wrote: “A few months ago we became aware that, on March 2018, one of the datacentres in Finland we had been renting our servers from was accessed with no authorisation. The attacker gained access to the server by exploiting an insecure remote management system left by the data centre provider. We were unaware that such a system existed.”

The statement also describes the Finnish host company as having “not disclosed” this weakness in its security. The contract with the Finnish firm has been terminated as a result of the breach.

The VPN provider has said the server in question was one of around 3000 in use by the company and that the hacking of one could not see the attacker access the others. This puts the problem into perspective so, thankfully, NordVPN customers are very unlikely to be affected.

Notably, the server that was hacked, according to the statement, did not contain any “user activity logs”. NordVPN says that, as a result, no username and password information could have been taken by the attacker.

NordVPN is seemingly doing its best to restore a reputation for data privacy and security.

The company statement added: “We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty programme. We will give our all to maximise the security of every aspect of our service, and next year we will launch an independent external audit of all of our infrastructure to make sure we did not miss anything.

“With this incident, we learned important lessons about security, communication, and marketing.”

Related: Best VPN for security and privacy

The marketing addition might seem a little odd there. That is seemingly tagged on the statement because someone from the NordVPN marketing department posted an unfortunately timed social media post about Nord VPN being the perfect protection from hackers:

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.