Consumer Rights Wiki

NordVPN: Difference between revisions

← Older editNewer edit →
VisualWikitext
MrAlex! (talk | contribs)
confirmed
18 edits
m Fixed typo
Tempo123 (talk | contribs)
confirmed
354 edits
References: Archive
Line 32: Line 32:


===Tracking inside App===
===Tracking inside App===
An analysis by German privacy blogger and activist Mike Kuketz found third party tracking services embedded into the apps of five different VPN services, including three in NordVPN's app (AppsFlyer, Google Crashlytics, and Google Firebase Analytics).<ref>{{Cite web |last=Kuketz |first=Mike |date=2025-09-29 |title=VPN-Apps: Wenn »Sicherheits-Apps« selbst zum Risiko werden [VPN-Apps: When "Security-Apps" themselves become a risk] |url=https://www.kuketz-blog.de/vpn-apps-wenn-sicherheits-apps-selbst-zum-risiko-werden/ |access-date=2025-10-27 |website=Kuketz IT-Security}}</ref>
An analysis by German privacy blogger and activist Mike Kuketz found third party tracking services embedded into the apps of five different VPN services, including three in NordVPN's app (AppsFlyer, Google Crashlytics, and Google Firebase Analytics).<ref>{{Cite web |last=Kuketz |first=Mike |date=2025-09-29 |title=VPN-Apps: Wenn »Sicherheits-Apps« selbst zum Risiko werden [VPN-Apps: When "Security-Apps" themselves become a risk] |url=https://www.kuketz-blog.de/vpn-apps-wenn-sicherheits-apps-selbst-zum-risiko-werden/ |url-status=live |archive-url=https://megalodon.jp/2026-0408-0210-36/https://www.kuketz-blog.de:443/vpn-apps-wenn-sicherheits-apps-selbst-zum-risiko-werden/ |archive-date=7 Apr 2026 |access-date=2025-10-27 |website=Kuketz IT-Security}}</ref>


When confronted with the allegations, NordVPN denied the allegations, answering with statements about the website instead of the smarphone app. Kuketz then conducted his own in-depth analysis of the app's traffic (his initial analysis was based on data from the [https://exodus-privacy.eu.org/en/ Exodus Privacy Project]), revealing that at least two of the trackers were indeed present.
When confronted with the allegations, NordVPN denied the allegations, answering with statements about the website instead of the smarphone app. Kuketz then conducted his own in-depth analysis of the app's traffic (his initial analysis was based on data from the [https://exodus-privacy.eu.org/en/ Exodus Privacy Project]), revealing that at least two of the trackers were indeed present.
Line 38: Line 38:
Confronted with the results, the company spoke of a "misunderstanding", which Kuketz describes as "not very convincing".
Confronted with the results, the company spoke of a "misunderstanding", which Kuketz describes as "not very convincing".


He further notes that NordVPN's PR manager is using a NordVPN e-mail address which is hosted by Google, meaning any e-mail communication with the company over the same channels would be fully exposed to the advertising giant's data collection.<ref>{{Cite web |last=Kuketz |first=Mike |date=2025-10-20 |title=NordVPN bestreitet den Einsatz von Trackern – Doch ein App-Mitschnitt zeigt ein anderes Bild [NordVPN denies use of trackers – but an analysis of the app's traffic paints a different picture] |url=https://www.kuketz-blog.de/nordvpn-bestreitet-den-einsatz-von-trackern-doch-ein-app-mitschnitt-zeigt-ein-anderes-bild/ |access-date=2025-10-27 |website=Kuketz IT-Security}}</ref>
He further notes that NordVPN's PR manager is using a NordVPN e-mail address which is hosted by Google, meaning any e-mail communication with the company over the same channels would be fully exposed to the advertising giant's data collection.<ref>{{Cite web |last=Kuketz |first=Mike |date=2025-10-20 |title=NordVPN bestreitet den Einsatz von Trackern – Doch ein App-Mitschnitt zeigt ein anderes Bild [NordVPN denies use of trackers – but an analysis of the app's traffic paints a different picture] |url=https://www.kuketz-blog.de/nordvpn-bestreitet-den-einsatz-von-trackern-doch-ein-app-mitschnitt-zeigt-ein-anderes-bild/ |url-status=live |archive-url=https://megalodon.jp/2026-0408-0210-39/https://www.kuketz-blog.de:443/nordvpn-bestreitet-den-einsatz-von-trackern-doch-ein-app-mitschnitt-zeigt-ein-anderes-bild/ |archive-date=7 Apr 2026 |access-date=2025-10-27 |website=Kuketz IT-Security}}</ref>


===Data center breach===
===Data center breach===
In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web |date=2019-10-21 |title=Why the NordVPN network is safe after a third-party provider breach |url=https://nordvpn.com/blog/official-response-datacenter-breach/ |access-date=2026-02-22 |website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.
In March 2018 one of NordVPN's third party servers located in Finland was breached. According to official accounts<ref name=":0">{{Cite web |date=2019-10-21 |title=Why the NordVPN network is safe after a third-party provider breach |url=https://nordvpn.com/blog/official-response-datacenter-breach/ |url-status=live |archive-url=https://megalodon.jp/2026-0408-0206-55/https://nordvpn.com:443/blog/official-response-datacenter-breach/ |archive-date=7 Apr 2026 |access-date=2026-02-22 |website=NordVPN}}</ref> the attacker gained access to the server thanks to poor management on the data center part, which shortly after patched the issue but failed to make NordVPN aware of the breach until April 13, 2018.


No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" />  Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web |date=2019-10-23 |title=NordVPN Hack – Everything You Need to Know |url=https://cyberinsider.com/nordvpn-hack/ |access-date=2026-02-22 |website=Cyber Insider |archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ |archive-date=31 Jan 2026}}</ref>  
No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" />  Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web |date=2019-10-23 |title=NordVPN Hack – Everything You Need to Know |url=https://cyberinsider.com/nordvpn-hack/ |access-date=2026-02-22 |website=Cyber Insider |archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ |archive-date=31 Jan 2026}}</ref>  
Line 47: Line 47:
NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web |first= |date=2019-10-20 |title=So apparently NordVPN was compromised at some point |url=https://x.com/hexdefined/status/1185864801261477891 |access-date=2026-02-22 |website=x.com |archive-url=http://web.archive.org/web/20250823025908/https://x.com/hexdefined/status/1185864801261477891 |archive-date=23 Aug 2025}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />
NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web |first= |date=2019-10-20 |title=So apparently NordVPN was compromised at some point |url=https://x.com/hexdefined/status/1185864801261477891 |access-date=2026-02-22 |website=x.com |archive-url=http://web.archive.org/web/20250823025908/https://x.com/hexdefined/status/1185864801261477891 |archive-date=23 Aug 2025}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" />


NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web |first= |date=2019-10-26 |title=How NordVPN will become more secure than ever |url=https://nordvpn.com/blog/security-plan/ |access-date=2026-02-22 |website=NordVPN}}</ref>
NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web |first= |date=2019-10-26 |title=How NordVPN will become more secure than ever |url=https://nordvpn.com/blog/security-plan/ |url-status=live |archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ |archive-date=7 Apr 2026 |access-date=2026-02-22 |website=NordVPN}}</ref>


==Products==
==Products==
Retrieved from "https://consumerrights.wiki/w/NordVPN"