If you are into VPN, you most likely know about NordVPN. Religiously followed by some — substantially avoided by others.

Today they announced that one of their data-centers have been breached

Let’s look into what happened:

NordVPN told TechCrunch that one of its data centers was accessed in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell.

There are two big problems in this quote:

  • The breach happened in March 2018, yet was not made transparent to its users, a community widely focused on security. This is a massive trust issues and will most likely result in my users leaving NordVPN.

  • NordVPN did not deploy their own data-center, yet claimed to be “fully secure” (whatever that even means). Always check wether an ISP runs its own infrastructure.

The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.

Especially when your provider does not state how they check the security of their third-party providers.