Irony! We all use a VPN on the assumption that everything is private and secure, but it looks like the risk is everywhere. NordVPN, one of the popular VPN services, has confirmed that it was hacked some time ago. The first report came via Twitter user @hexdefined, who shared screenshots of NordVPN private keys, though the keys have expired. The original confirmation came from @le_keksec.
NordVPN confirms that it was hacked
HexDefined was able to use the keys locally: running on localhost with an /etc/hosts entry, it worked fine. The bigger problem was that it was possible to decrypt past encrypted sessions. A lot of details about this are available here.
NordVPN did talk about it a bit here, but it's not clear what message they are passing along. I would say it's an epic marketing fail when they said:
Yesterday, our marketing department got ahead of themselves and published an ad on Twitter that triggered the infosec community. The message stated the following: ‘Ain’t no hacker can steal your online life. (If you use VPN). Stay safe.’
VPNs usually work in a way that all traffic goes through a secure tunnel, no logs are kept, and there is no way to decrypt it unless somebody has access to the keys. NordVPN spokesperson Laura Tyrell said that one of its data centers was accessed in March 2018.
One of the data centers in Finland we are renting our servers from was accessed with no authorization. The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.
The bigger problem is something else. The company needs to set up an intrusion detection system that can warn about any sort of man-in-the-middle attack or server breach. There was no data on the server, so usernames and the like might not have been stolen, but it clearly shows that the company needs to put more money into development and security than anything else.