NordVPN, TorGuard, and VikingVPN were breached early in 2018. The attackers were able to gain root access of the VPN’s servers. An expired private key from one of NordVPN’s Finland-based servers was stolen and published online by an attacker, exposing user data. NordVPN has since terminated the contract with the owner of the compromised servers. TorGuard only had a single server compromised. The company has confirmed they were practicing secure PKI management and the main CA key wasn’t stored in the compromised server. The details of the VikingVPN breach have yet to be confirmed by the company. If a cyber-criminal takes possession of these private keys, they can generate their own server certificate and/or keys to create a fake VPN service mimicking the real ones. This tactic would allow them to perform a Man-in-the-Middle (MITM) attack, spoofing the user. Based on the information we know, the attackers could have had insights into the insecure HTTP traffic flowing through the breached servers. This knowledge would have given them the ability to tamper with the traffic by sniffing it directly or modulating it by injecting malicious traffic. NordVPN has claimed the stolen key wouldn’t have been able to decrypt traffic on other servers. The attackers would have also been able to see the user DNS lookups, giving away the user browsing data and defeating the purpose of using a VPN altogether. Although NordVPN has not released any evidence of malicious activity, they have launched a deeper investigation into their infrastructure. It’s important to remember that when using a VPN service, users are sending their traffic to a third party, therefore trusting them with the security and integrity of their data. Even though the VPN providers claim to store no logs or usernames/passwords, attackers got control of their servers. These incidents show the importance of not having a single point of failure in security and never trusting something that you can’t test yourself. We’ve always believed there was a better way to protect computers, laptops, and tablets from attackers, without relying on a VPN. That’s why we built the Byos µGateway. The µGateway provides endpoint micro-segmentation through hardware-enforced isolation, removing the vulnerabilities left by VPNs; instead of routing traffic to third-party servers, all of the security processing is done on the µGateway before it reaches the network. The user’s browsing is completely private because the µGateway uses DNS over TLS for encrypted browsing queries. Endpoint segmentation using the µGateway also stops attackers from stealing data by compromising the OS and software—something a VPN cannot prevent. People often ask us what happens to their data when they use the µGateway. The only time the µGateway talks to our servers is when it is booting up, first checking the validity of the user’s license and then checking for available security updates. Once that process is complete, the µGateway cuts off communication with our servers and begins providing the user with Layer 1 to Layer 5 protection.And if you don’t trust us, test it yourself and let us know what you find or check out our bug bounty whitepaper. The µGateway is the first of its kind: a portable WiFi security device for protection on any network. For more info about VPNs used in an enterprise setting, check out The Problem with VPNs. Sources:What Happened?
Why does this matter?
Byos µGateway: Endpoint Micro-Segmentation
FAQs
NordVPN, TorGuard, and VikingVPN breached — Byos - Edge Micro-Segmentation? ›
What Happened? NordVPN, TorGuard, and VikingVPN were breached early in 2018. The attackers were able to gain root access of the VPN's servers. An expired private key from one of NordVPN's Finland-based servers was stolen and published online by an attacker, exposing user data.
Has NordVPN been compromised? ›Introduction: The NordVPN Data Breach
In October 2019, it came to light that one of NordVPN's Finland servers was hacked in March 2018. This breach raised significant concerns as NordVPN is a prominent provider of VPN services, boasting millions of users worldwide.
NordVPN had a security slip-up in 2019, which made many wonder about their customers' safety. An outside tech expert spotted this issue when they found a weak spot in a NordVPN server. While NordVPN was clear that their customers' data wasn't messed with but the risk of data exposure still was there.
Is NordVPN a security risk? ›NordVPN is a secure and reliable VPN provider trusted by millions of users worldwide.
Is NordVPN really private? ›NordVPN is a good VPN. Its headquarters is in Panama, which isn't part of any international surveillance alliances. It won't track anything about the user's web activity or IP addresses, encrypting both with AES-256. NordVPN allows for Netflix and torrenting use, and it has fast speeds on our Mac computer.
Why is NordVPN blocking everything? ›If you can access the site with Threat Protection off and you think that NordVPN shouldn't block this website, please inform our customer support. If you're using a Windows device, your antivirus/firewall may be blocking the access. Try adding exceptions for NordVPN.exe and nordvpn-service.exe.
Can police track you through NordVPN? ›Whether police can track VPN traffic is a common concern among users seeking online privacy. The truth is: the police can't monitor encrypted VPN traffic. However, they can ask your Internet Service Provider (ISP) to provide connection or usage logs through a court order, which can lead them to your VPN provider.
Is NordVPN safe in 2024? ›2 spot on our rating of the Best VPNs of 2024. NordVPN is known for fast speeds, comprehensive service, extra features, and solid security and privacy standards.
Is NordVPN 100% safe? ›We only collect the data needed to provide our service. We are a zero-logs VPN. We believe that our industry-first audit shows that we won't share your information with government agencies because we simply don't have it. Next-generation encryption.
Can we trust NordVPN? ›Is NordVPN safe? NordVPN is the most secure VPN we tested. It has earned a remarkable reputation in digital security thanks to its market-leading encryption and secure tunneling protocols. Besides, all of NordVPN's servers run on RAM.
Can I be tracked if I use NordVPN? ›
PricewaterhouseCoopers AG Switzerland reviewed the policy in 2018 and 2020, with Deloitte reviewing it in 2022 and 2023. These independent reviews by market-leading auditors validated NordVPN's no-logs claim — the service doesn't track or log your browsing activity.
Can the government track you with a VPN? ›Can police track online purchases made with a VPN? There is no way to track live, encrypted VPN traffic. That's why police or government agencies who need information about websites you visited have to contact your internet service provider (ISP for short), and only then your VPN provider.
Does NordVPN detect spyware? ›Before connecting you to any website, NordVPN's Threat Protection automatically checks a real-time list of domains and URLs that are known for hosting malware. If it sees that you're about to visit a dangerous page, NordVPN will block your access. Instead of landing on the webpage, you'll get a warning message.
Can you be tracked through NordVPN? ›PricewaterhouseCoopers AG Switzerland reviewed the policy in 2018 and 2020, with Deloitte reviewing it in 2022 and 2023. These independent reviews by market-leading auditors validated NordVPN's no-logs claim — the service doesn't track or log your browsing activity.
What's the deal with NordVPN? ›It works by enveloping all of your online activities in a layer of encryption, while also hiding information about your virtual location. This way, you stay invisible to hackers, your ISP, governmental agencies and other prying eyes lurking throughout the net.
Are VPNs compromised? ›Like any software, all VPNs are technically capable of being hacked. No software is 100% perfect, and VPNs, like any internet-based software, can fall victim to different attacks.