NordVPN: Difference between revisions
→References: Archive |
→References: X -> Nitter and archive |
||
| Line 45: | Line 45: | ||
No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web |date=2019-10-23 |title=NordVPN Hack – Everything You Need to Know |url=https://cyberinsider.com/nordvpn-hack/ |access-date=2026-02-22 |website=Cyber Insider |archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ |archive-date=31 Jan 2026}}</ref> | No sensitive user data was stolen, but the attacker did get access to TLS keys which ''"under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack"''.<ref name=":0" /> Said TLS keys were made public by the attacker on the website 8chan together with information relating to breaches of other VPN providers such as TorGuard and VikingVPN.<ref>{{Cite web |date=2019-10-23 |title=NordVPN Hack – Everything You Need to Know |url=https://cyberinsider.com/nordvpn-hack/ |access-date=2026-02-22 |website=Cyber Insider |archive-url=http://web.archive.org/web/20260131112151/https://cyberinsider.com/nordvpn-hack/ |archive-date=31 Jan 2026}}</ref> | ||
NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web |first= |date=2019-10-20 |title=So apparently NordVPN was compromised at some point |url=https:// | NordVPN released an official statement more than a year later, only after a researcher on [https://x.com/ X] revealed that NordVPN ''"was compromised at some point"''.<ref>{{Cite web |first= |date=2019-10-20 |title=So apparently NordVPN was compromised at some point |url=https://nitter.catsarch.com/hexdefined/status/1185864801261477891 |url-status=live |archive-url=https://web.archive.org/web/20260407180621/https://nitter.catsarch.com/hexdefined/status/1185864801261477891 |archive-date=7 Apr 2026 |access-date=2026-02-22 |website=x.com}}</ref> This was followed by significant turmoil within the community, as individuals remained uninformed for all of this time. According to NordVPN, the delay was justified by an internal audit they were executing of all of their servers which they wanted to complete before notifying the public, making sure that the attack could not be replicated.<ref name=":0" /> | ||
NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web |first= |date=2019-10-26 |title=How NordVPN will become more secure than ever |url=https://nordvpn.com/blog/security-plan/ |url-status=live |archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ |archive-date=7 Apr 2026 |access-date=2026-02-22 |website=NordVPN}}</ref> | NordVPN has since taken down the affected server and terminated the contract with the data center. A security plan was later announced as well.<ref>{{Cite web |first= |date=2019-10-26 |title=How NordVPN will become more secure than ever |url=https://nordvpn.com/blog/security-plan/ |url-status=live |archive-url=https://megalodon.jp/2026-0408-0209-06/https://nordvpn.com:443/blog/security-plan/ |archive-date=7 Apr 2026 |access-date=2026-02-22 |website=NordVPN}}</ref> | ||