NordVPN - Revision history

Tempo123: /* References */ X -> Nitter and archive

2026-04-07T18:07:15Z

References: X -> Nitter and archive

← Older revision		Revision as of 18:07, 7 April 2026
Line 45:		Line 45:
	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>

	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|~~access~~-~~date~~=~~2026-02-22 \|website=x.com~~ \|archive-url=~~http~~://web.archive.org/web/~~20250823025908~~/https://x.com/hexdefined/status/1185864801261477891 \|archive-date=~~23 Aug 2025~~}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://nitter.catsarch.com/hexdefined/status/1185864801261477891 \|url-status=live \|archive-url=https://web.archive.org/web/20260407180621/https://nitter.catsarch.com/hexdefined/status/1185864801261477891 \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=NordVPN}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=NordVPN}}</ref>

Tempo123: /* References */ Archive

2026-04-07T17:11:17Z

References: Archive

← Older revision		Revision as of 17:11, 7 April 2026
Line 32:		Line 32:

	===Tracking inside App===		===Tracking inside App===
	An analysis by German privacy blogger and activist Mike Kuketz found third party tracking services embedded into the apps of five different VPN services, including three in NordVPN's app (AppsFlyer, Google Crashlytics, and Google Firebase Analytics).<ref>{{Cite web \|last=Kuketz \|first=Mike \|date=2025-09-29 \|title=VPN-Apps: Wenn »Sicherheits-Apps« selbst zum Risiko werden [VPN-Apps: When "Security-Apps" themselves become a risk] \|url=https://www.kuketz-blog.de/vpn-apps-wenn-sicherheits-apps-selbst-zum-risiko-werden/ \|access-date=2025-10-27 \|website=Kuketz IT-Security}}</ref>		An analysis by German privacy blogger and activist Mike Kuketz found third party tracking services embedded into the apps of five different VPN services, including three in NordVPN's app (AppsFlyer, Google Crashlytics, and Google Firebase Analytics).<ref>{{Cite web \|last=Kuketz \|first=Mike \|date=2025-09-29 \|title=VPN-Apps: Wenn »Sicherheits-Apps« selbst zum Risiko werden [VPN-Apps: When "Security-Apps" themselves become a risk] \|url=https://www.kuketz-blog.de/vpn-apps-wenn-sicherheits-apps-selbst-zum-risiko-werden/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0210-36/https://www.kuketz-blog.de:443/vpn-apps-wenn-sicherheits-apps-selbst-zum-risiko-werden/ \|archive-date=7 Apr 2026 \|access-date=2025-10-27 \|website=Kuketz IT-Security}}</ref>

	When confronted with the allegations, NordVPN denied the allegations, answering with statements about the website instead of the smarphone app. Kuketz then conducted his own in-depth analysis of the app's traffic (his initial analysis was based on data from the [https://exodus-privacy.eu.org/en/ Exodus Privacy Project]), revealing that at least two of the trackers were indeed present.		When confronted with the allegations, NordVPN denied the allegations, answering with statements about the website instead of the smarphone app. Kuketz then conducted his own in-depth analysis of the app's traffic (his initial analysis was based on data from the [https://exodus-privacy.eu.org/en/ Exodus Privacy Project]), revealing that at least two of the trackers were indeed present.
Line 38:		Line 38:
	Confronted with the results, the company spoke of a "misunderstanding", which Kuketz describes as "not very convincing".		Confronted with the results, the company spoke of a "misunderstanding", which Kuketz describes as "not very convincing".

	He further notes that NordVPN's PR manager is using a NordVPN e-mail address which is hosted by Google, meaning any e-mail communication with the company over the same channels would be fully exposed to the advertising giant's data collection.<ref>{{Cite web \|last=Kuketz \|first=Mike \|date=2025-10-20 \|title=NordVPN bestreitet den Einsatz von Trackern – Doch ein App-Mitschnitt zeigt ein anderes Bild [NordVPN denies use of trackers – but an analysis of the app's traffic paints a different picture] \|url=https://www.kuketz-blog.de/nordvpn-bestreitet-den-einsatz-von-trackern-doch-ein-app-mitschnitt-zeigt-ein-anderes-bild/ \|access-date=2025-10-27 \|website=Kuketz IT-Security}}</ref>		He further notes that NordVPN's PR manager is using a NordVPN e-mail address which is hosted by Google, meaning any e-mail communication with the company over the same channels would be fully exposed to the advertising giant's data collection.<ref>{{Cite web \|last=Kuketz \|first=Mike \|date=2025-10-20 \|title=NordVPN bestreitet den Einsatz von Trackern – Doch ein App-Mitschnitt zeigt ein anderes Bild [NordVPN denies use of trackers – but an analysis of the app's traffic paints a different picture] \|url=https://www.kuketz-blog.de/nordvpn-bestreitet-den-einsatz-von-trackern-doch-ein-app-mitschnitt-zeigt-ein-anderes-bild/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0210-39/https://www.kuketz-blog.de:443/nordvpn-bestreitet-den-einsatz-von-trackern-doch-ein-app-mitschnitt-zeigt-ein-anderes-bild/ \|archive-date=7 Apr 2026 \|access-date=2025-10-27 \|website=Kuketz IT-Security}}</ref>

	===Data center breach===		===Data center breach===
	In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|date=2019-10-21 \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=2026-02-22 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.		In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|date=2019-10-21 \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0206-55/https://nordvpn.com:443/blog/official-response-datacenter-breach/ \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.

	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>
Line 47:		Line 47:
	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=2026-02-22 \|website=x.com \|archive-url=http://web.archive.org/web/20250823025908/https://x.com/hexdefined/status/1185864801261477891 \|archive-date=23 Aug 2025}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=2026-02-22 \|website=x.com \|archive-url=http://web.archive.org/web/20250823025908/https://x.com/hexdefined/status/1185864801261477891 \|archive-date=23 Aug 2025}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=2026-02-22 \|website=NordVPN}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=NordVPN}}</ref>

	==Products==		==Products==

MrAlex!: Fixed typo

2026-02-23T17:44:37Z

Fixed typo

← Older revision		Revision as of 17:44, 23 February 2026
Line 16:		Line 16:
	*'''User freedom:''' A class action lawsuit was proposed accusing NordVPN of unlawful subscription renewal practices.		*'''User freedom:''' A class action lawsuit was proposed accusing NordVPN of unlawful subscription renewal practices.
	*'''User privacy:''' Internet traffic that exits the US border is subject to interception by US intelligence agencies (not limited to NordVPN); tracking services have been found within NordVPN's mobile app; has suffered a breach of one of their data centers that was only disclosed more than a year after the incident.		*'''User privacy:''' Internet traffic that exits the US border is subject to interception by US intelligence agencies (not limited to NordVPN); tracking services have been found within NordVPN's mobile app; has suffered a breach of one of their data centers that was only disclosed more than a year after the incident.
	*'''Business model:''' Sells subscription services that mainly include their VPN product, but higher tiers can also have add-ons such as their identity protection service ''NordProtect'', their ~~could~~ storage service ''NordLocker'' and their password manager ''NordPass'' as well as others.		*'''Business model:''' Sells subscription services that mainly include their VPN product, but higher tiers can also have add-ons such as their identity protection service ''NordProtect'', their cloud storage service ''NordLocker'' and their password manager ''NordPass'' as well as others.
	*'''Market competition:''' Plenty of popular brands (i.e. [https://protonvpn.com/ ProtonVPN], [https://mullvad.net/en Mullvad], ...).		*'''Market competition:''' Plenty of popular brands (i.e. [https://protonvpn.com/ ProtonVPN], [https://mullvad.net/en Mullvad], ...).

MrAlex!: Added parent company name to cargo

2026-02-23T17:43:54Z

Added parent company name to cargo

← Older revision		Revision as of 17:43, 23 February 2026
Line 5:		Line 5:
	\|Industry=Cybersecurity, Virtual Private Networks		\|Industry=Cybersecurity, Virtual Private Networks
	\|Logo=NordVPN logo.svg		\|Logo=NordVPN logo.svg
	\|ParentCompany=		\|ParentCompany=Nord Security
	\|Type=Private		\|Type=Private
	\|Website=https://nordvpn.com		\|Website=https://nordvpn.com
	}}		}}

	'''{{wplink\|NordVPN}}''' is a {{wplink\|virtual private network}} (VPN) service provider owned by Nord Security. NordVPN heavily advertises their products on popular YouTube channels. NordVPN operates worldwide, with offices in the United Kingdom, the Netherlands, Poland, Germany, the United States, Lithuania, Switzerland, and Panama.		'''{{wplink\|NordVPN}}''' is a {{wplink\|virtual private network}} (VPN) service provider owned by Nord Security. NordVPN heavily advertises their products on popular YouTube channels. NordVPN operates worldwide, with offices in the United Kingdom, the Netherlands, Poland, Germany, the United States, Lithuania, Switzerland, and Panama.

Bananabot: Added archive URLs for 1 citation(s) using CRWCitationBot

2026-02-23T12:47:12Z

Added archive URLs for 1 citation(s) using CRWCitationBot

← Older revision		Revision as of 12:47, 23 February 2026
Line 22:		Line 22:
	===Subscription Renewal Practices===		===Subscription Renewal Practices===

	A class action lawsuit has been proposed on November 19, 2024 accusing NordVPN and its developer Nord Security of using deceptive and illegal subscription renewal practices.<ref>Rizzi, C. (2024, November 20). NordVPN lawsuit filed over allegedly illegal automatic subscription renewal practices. ClassAction.org. Retrieved May 24, 2025, from https://www.classaction.org/news/nordvpn-lawsuit-filed-over-allegedly-illegal-automatic-subscription-renewal-practices</ref>		A class action lawsuit has been proposed on November 19, 2024 accusing NordVPN and its developer Nord Security of using deceptive and illegal subscription renewal practices.<ref>Rizzi, C. (2024, November 20). NordVPN lawsuit filed over allegedly illegal automatic subscription renewal practices. ClassAction.org. Retrieved May 24, 2025, from https://www.classaction.org/news/nordvpn-lawsuit-filed-over-allegedly-illegal-automatic-subscription-renewal-practices ([http://web.archive.org/web/20250720090038/https://www.classaction.org/news/nordvpn-lawsuit-filed-over-allegedly-illegal-automatic-subscription-renewal-practices Archived])</ref>

	===Privacy concerns===		===Privacy concerns===

Bananabot: Added archive URLs for 4 citation(s) using CRWCitationBot

2026-02-23T06:42:53Z

Added archive URLs for 4 citation(s) using CRWCitationBot

← Older revision		Revision as of 06:42, 23 February 2026
Line 26:		Line 26:
	===Privacy concerns===		===Privacy concerns===

	Due to current laws, United States intelligence agencies are prohibited from spying on American citizens' communications, including internet traffic (with some expanding exceptions).<ref>{{Cite web \|title=Electronic Communications Privacy Act of 1986 (ECPA) \|url=https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|url-status=live \|access-date=2025-03-25 \|website=Office of Justice Programs}}</ref> However, internet traffic that exits the country is legally subject to interception and decryption. This includes VPN providers that route traffic outside the United States. As a result, using a VPN may inadvertently expose users to surveillance by U.S. intelligence agencies. No international VPN providers disclose this risk to their customers. It is entirely legal for U.S. intelligence agencies to break encryption, perform man-in-the-middle attacks, or employ other methods to weaken encryption on data crossing international borders.		Due to current laws, United States intelligence agencies are prohibited from spying on American citizens' communications, including internet traffic (with some expanding exceptions).<ref>{{Cite web \|title=Electronic Communications Privacy Act of 1986 (ECPA) \|url=https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|url-status=live \|access-date=2025-03-25 \|website=Office of Justice Programs \|archive-url=http://web.archive.org/web/20260124102522/https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|archive-date=24 Jan 2026}}</ref> However, internet traffic that exits the country is legally subject to interception and decryption. This includes VPN providers that route traffic outside the United States. As a result, using a VPN may inadvertently expose users to surveillance by U.S. intelligence agencies. No international VPN providers disclose this risk to their customers. It is entirely legal for U.S. intelligence agencies to break encryption, perform man-in-the-middle attacks, or employ other methods to weaken encryption on data crossing international borders.

	If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.<ref>{{Cite web \|last=Goitein \|first=Elizabeth \|date=2022-02-15 \|title=How the CIA Is Acting Outside the Law to Spy on Americans \|url=https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|url-status=live \|access-date=2025-03-26 \|website=Brennan Center}}</ref>		If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.<ref>{{Cite web \|last=Goitein \|first=Elizabeth \|date=2022-02-15 \|title=How the CIA Is Acting Outside the Law to Spy on Americans \|url=https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|url-status=live \|access-date=2025-03-26 \|website=Brennan Center \|archive-url=http://web.archive.org/web/20251210020204/https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|archive-date=10 Dec 2025}}</ref>

	===Tracking inside App===		===Tracking inside App===
Line 42:		Line 42:
	In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|date=2019-10-21 \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=2026-02-22 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.		In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|date=2019-10-21 \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=2026-02-22 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.

	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>

	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=2026-02-22 \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=2026-02-22 \|website=x.com \|archive-url=http://web.archive.org/web/20250823025908/https://x.com/hexdefined/status/1185864801261477891 \|archive-date=23 Aug 2025}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=2026-02-22 \|website=NordVPN}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=2026-02-22 \|website=NordVPN}}</ref>

SinexTitan: revert if you wish but imo ExpressVPN's more advertised slop

2026-02-22T15:59:48Z

revert if you wish but imo ExpressVPN's more advertised slop

← Older revision		Revision as of 15:59, 22 February 2026
Line 16:		Line 16:
	*'''User privacy:''' Internet traffic that exits the US border is subject to interception by US intelligence agencies (not limited to NordVPN); tracking services have been found within NordVPN's mobile app; has suffered a breach of one of their data centers that was only disclosed more than a year after the incident.		*'''User privacy:''' Internet traffic that exits the US border is subject to interception by US intelligence agencies (not limited to NordVPN); tracking services have been found within NordVPN's mobile app; has suffered a breach of one of their data centers that was only disclosed more than a year after the incident.
	*'''Business model:''' Sells subscription services that mainly include their VPN product, but higher tiers can also have add-ons such as their identity protection service ''NordProtect'', their could storage service ''NordLocker'' and their password manager ''NordPass'' as well as others.		*'''Business model:''' Sells subscription services that mainly include their VPN product, but higher tiers can also have add-ons such as their identity protection service ''NordProtect'', their could storage service ''NordLocker'' and their password manager ''NordPass'' as well as others.
	*'''Market competition:''' Plenty of popular brands (i.e. ~~[https://www.expressvpn.com/ ExpressVPN],~~ [https://protonvpn.com/ ProtonVPN], [https://mullvad.net/en Mullvad], ...).		*'''Market competition:''' Plenty of popular brands (i.e. [https://protonvpn.com/ ProtonVPN], [https://mullvad.net/en Mullvad], ...).

	==Incidents==		==Incidents==

SinexTitan: /* References */ fixed up the fucked up ref dates

2026-02-22T15:57:54Z

References: fixed up the fucked up ref dates

← Older revision		Revision as of 15:57, 22 February 2026
Line 13:		Line 13:
	==Consumer-impact summary==		==Consumer-impact summary==

	* '''User freedom:''' A class action lawsuit was proposed accusing NordVPN of unlawful subscription renewal practices.		*'''User freedom:''' A class action lawsuit was proposed accusing NordVPN of unlawful subscription renewal practices.
	* '''User privacy:''' Internet traffic that exits the US border is subject to interception by US intelligence agencies (not limited to NordVPN); tracking services have been found within NordVPN's mobile app; has suffered a breach of one of their data centers that was only disclosed more than a year after the incident.		*'''User privacy:''' Internet traffic that exits the US border is subject to interception by US intelligence agencies (not limited to NordVPN); tracking services have been found within NordVPN's mobile app; has suffered a breach of one of their data centers that was only disclosed more than a year after the incident.
	* '''Business model:''' Sells subscription services that mainly include their VPN product, but higher tiers can also have add-ons such as their identity protection service ''NordProtect'', their could storage service ''NordLocker'' and their password manager ''NordPass'' as well as others.		*'''Business model:''' Sells subscription services that mainly include their VPN product, but higher tiers can also have add-ons such as their identity protection service ''NordProtect'', their could storage service ''NordLocker'' and their password manager ''NordPass'' as well as others.
	* '''Market competition:''' Plenty of popular brands (i.e. [https://www.expressvpn.com/ ExpressVPN], [https://protonvpn.com/ ProtonVPN], [https://mullvad.net/en Mullvad], ...).		*'''Market competition:''' Plenty of popular brands (i.e. [https://www.expressvpn.com/ ExpressVPN], [https://protonvpn.com/ ProtonVPN], [https://mullvad.net/en Mullvad], ...).

	==Incidents==		==Incidents==
Line 26:		Line 26:
	===Privacy concerns===		===Privacy concerns===

	Due to current laws, United States intelligence agencies are prohibited from spying on American citizens' communications, including internet traffic (with some expanding exceptions).<ref>{{Cite web \|title=Electronic Communications Privacy Act of 1986 (ECPA) \|url=https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|url-status=live \|access-date=25 ~~Mar 2025~~ \|website=Office of Justice Programs}}</ref> However, internet traffic that exits the country is legally subject to interception and decryption. This includes VPN providers that route traffic outside the United States. As a result, using a VPN may inadvertently expose users to surveillance by U.S. intelligence agencies. No international VPN providers disclose this risk to their customers. It is entirely legal for U.S. intelligence agencies to break encryption, perform man-in-the-middle attacks, or employ other methods to weaken encryption on data crossing international borders.		Due to current laws, United States intelligence agencies are prohibited from spying on American citizens' communications, including internet traffic (with some expanding exceptions).<ref>{{Cite web \|title=Electronic Communications Privacy Act of 1986 (ECPA) \|url=https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|url-status=live \|access-date=2025-03-25 \|website=Office of Justice Programs}}</ref> However, internet traffic that exits the country is legally subject to interception and decryption. This includes VPN providers that route traffic outside the United States. As a result, using a VPN may inadvertently expose users to surveillance by U.S. intelligence agencies. No international VPN providers disclose this risk to their customers. It is entirely legal for U.S. intelligence agencies to break encryption, perform man-in-the-middle attacks, or employ other methods to weaken encryption on data crossing international borders.

	If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.<ref>{{Cite web \|last=Goitein \|first=Elizabeth \|date=15 ~~Feb 2022~~ \|title=How the CIA Is Acting Outside the Law to Spy on Americans \|url=https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|url-status=live \|access-date=26 ~~Mar 2025~~ \|website=Brennan Center}}</ref>		If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.<ref>{{Cite web \|last=Goitein \|first=Elizabeth \|date=2022-02-15 \|title=How the CIA Is Acting Outside the Law to Spy on Americans \|url=https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|url-status=live \|access-date=2025-03-26 \|website=Brennan Center}}</ref>

	===Tracking inside App===		===Tracking inside App===
Line 40:		Line 40:

	===Data center breach===		===Data center breach===
	In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=~~21 Oct 2019~~ \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.		In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|date=2019-10-21 \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=2026-02-22 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.

	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date= \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=~~23 Oct 2019~~ \|website=Cyber Insider}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider}}</ref>

	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date= \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=~~20 Oct 2019~~ \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=2026-02-22 \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date= \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=~~26 Oct 2019~~ \|website=NordVPN}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=2026-02-22 \|website=NordVPN}}</ref>

	==Products==		==Products==

MrAlex!: Created consumer-impact summary

2026-02-22T15:03:11Z

Created consumer-impact summary

← Older revision		Revision as of 15:03, 22 February 2026
Line 12:		Line 12:

	==Consumer-impact summary==		==Consumer-impact summary==
	~~{{Placeholder box\|Overview of concerns that arise from the company's conduct regarding (if applicable):~~
	* User freedom		* '''User freedom:''' A class action lawsuit was proposed accusing NordVPN of unlawful subscription renewal practices.
	* User privacy		* '''User privacy:''' Internet traffic that exits the US border is subject to interception by US intelligence agencies (not limited to NordVPN); tracking services have been found within NordVPN's mobile app; has suffered a breach of one of their data centers that was only disclosed more than a year after the incident.
	* Business model		* '''Business model:''' Sells subscription services that mainly include their VPN product, but higher tiers can also have add-ons such as their identity protection service ''NordProtect'', their could storage service ''NordLocker'' and their password manager ''NordPass'' as well as others.
	* Market ~~control}}~~		* '''Market competition:''' Plenty of popular brands (i.e. [https://www.expressvpn.com/ ExpressVPN], [https://protonvpn.com/ ProtonVPN], [https://mullvad.net/en Mullvad], ...).

	==Incidents==		==Incidents==

MrAlex!: Added website titles to references

2026-02-22T14:20:07Z

Added website titles to references

← Older revision		Revision as of 14:20, 22 February 2026
Line 42:		Line 42:
	In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=21 Oct 2019 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.		In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=21 Oct 2019 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.

	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date= \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=23 Oct 2019}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date= \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=23 Oct 2019 \|website=Cyber Insider}}</ref>

	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date= \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=20 Oct 2019}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date= \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=20 Oct 2019 \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|date= \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=26 Oct 2019}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date= \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=26 Oct 2019 \|website=NordVPN}}</ref>

	==Products==		==Products==

← Older revision		Revision as of 18:07, 7 April 2026
Line 45:		Line 45:
	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>

	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|~~access~~-~~date~~=~~2026-02-22 \|website=x.com~~ \|archive-url=~~http~~://web.archive.org/web/~~20250823025908~~/https://x.com/hexdefined/status/1185864801261477891 \|archive-date=~~23 Aug 2025~~}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://nitter.catsarch.com/hexdefined/status/1185864801261477891 \|url-status=live \|archive-url=https://web.archive.org/web/20260407180621/https://nitter.catsarch.com/hexdefined/status/1185864801261477891 \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=NordVPN}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|url-status=live \|archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ \|archive-date=7 Apr 2026 \|access-date=2026-02-22 \|website=NordVPN}}</ref>

← Older revision		Revision as of 06:42, 23 February 2026
Line 26:		Line 26:
	===Privacy concerns===		===Privacy concerns===

	Due to current laws, United States intelligence agencies are prohibited from spying on American citizens' communications, including internet traffic (with some expanding exceptions).<ref>{{Cite web \|title=Electronic Communications Privacy Act of 1986 (ECPA) \|url=https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|url-status=live \|access-date=2025-03-25 \|website=Office of Justice Programs}}</ref> However, internet traffic that exits the country is legally subject to interception and decryption. This includes VPN providers that route traffic outside the United States. As a result, using a VPN may inadvertently expose users to surveillance by U.S. intelligence agencies. No international VPN providers disclose this risk to their customers. It is entirely legal for U.S. intelligence agencies to break encryption, perform man-in-the-middle attacks, or employ other methods to weaken encryption on data crossing international borders.		Due to current laws, United States intelligence agencies are prohibited from spying on American citizens' communications, including internet traffic (with some expanding exceptions).<ref>{{Cite web \|title=Electronic Communications Privacy Act of 1986 (ECPA) \|url=https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|url-status=live \|access-date=2025-03-25 \|website=Office of Justice Programs \|archive-url=http://web.archive.org/web/20260124102522/https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 \|archive-date=24 Jan 2026}}</ref> However, internet traffic that exits the country is legally subject to interception and decryption. This includes VPN providers that route traffic outside the United States. As a result, using a VPN may inadvertently expose users to surveillance by U.S. intelligence agencies. No international VPN providers disclose this risk to their customers. It is entirely legal for U.S. intelligence agencies to break encryption, perform man-in-the-middle attacks, or employ other methods to weaken encryption on data crossing international borders.

	If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.<ref>{{Cite web \|last=Goitein \|first=Elizabeth \|date=2022-02-15 \|title=How the CIA Is Acting Outside the Law to Spy on Americans \|url=https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|url-status=live \|access-date=2025-03-26 \|website=Brennan Center}}</ref>		If data passes international borders it is subject to "bulk collection" by the Intelligence Community because of Executive Order 12333.<ref>{{Cite web \|last=Goitein \|first=Elizabeth \|date=2022-02-15 \|title=How the CIA Is Acting Outside the Law to Spy on Americans \|url=https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|url-status=live \|access-date=2025-03-26 \|website=Brennan Center \|archive-url=http://web.archive.org/web/20251210020204/https://www.brennancenter.org/our-work/analysis-opinion/how-cia-acting-outside-law-spy-americans \|archive-date=10 Dec 2025}}</ref>

	===Tracking inside App===		===Tracking inside App===
Line 42:		Line 42:
	In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|date=2019-10-21 \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=2026-02-22 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.		In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|date=2019-10-21 \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=2026-02-22 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.

	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date=2019-10-23 \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=2026-02-22 \|website=Cyber Insider \|archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ \|archive-date=31 Jan 2026}}</ref>

	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=2026-02-22 \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date=2019-10-20 \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=2026-02-22 \|website=x.com \|archive-url=http://web.archive.org/web/20250823025908/https://x.com/hexdefined/status/1185864801261477891 \|archive-date=23 Aug 2025}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=2026-02-22 \|website=NordVPN}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date=2019-10-26 \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=2026-02-22 \|website=NordVPN}}</ref>

← Older revision		Revision as of 14:20, 22 February 2026
Line 42:		Line 42:
	In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=21 Oct 2019 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.		In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web \|title=Why the NordVPN network is safe after a third-party provider breach \|url=https://nordvpn.com/blog/official-response-datacenter-breach/ \|access-date=21 Oct 2019 \|website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.

	No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date= \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=23 Oct 2019}}</ref>		No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web \|date= \|title=NordVPN Hack – Everything You Need to Know \|url=https://cyberinsider.com/nordvpn-hack/ \|access-date=23 Oct 2019 \|website=Cyber Insider}}</ref>

	NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date= \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=20 Oct 2019}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />		NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web \|first= \|date= \|title=So apparently NordVPN was compromised at some point \|url=https://x.com/hexdefined/status/1185864801261477891 \|access-date=20 Oct 2019 \|website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />

	NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|date= \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=26 Oct 2019}}</ref>		NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web \|first= \|date= \|title=How NordVPN will become more secure than ever \|url=https://nordvpn.com/blog/security-plan/ \|access-date=26 Oct 2019 \|website=NordVPN}}</ref>

	==Products==		==Products==