Last week the VPN industry was abuzz with news about the NordVPN server breach, which we have already briefly reviewed. TechCrunch published an article saying that NordVPN had suffered a data breach and that its users might be in danger.
Since we have already received a ton of questions about this situation, we'd like to give you a short and transparent overview.
The timeline of the NordVPN server breach
According to TechCrunch, NordVPN knew about the server breach one and a half years ago. However, the company released an official statement that lays out the full sequence of events after the server breach:
1. The server which was affected was brought online on January 31st, 2018.
2. Evidence of the breach appeared on March 5th, 2018. The company states that it was unaware of the situation because the service provider did not inform it.
3. The breach was limited when the server provider deleted the insecure accounts on March 20th, 2018.
4. NordVPN was informed on April 13, 2019 (more than a year after the breach itself actually happened) and immediately removed the affected servers.

One of the main facts you should take from this is that the company took all the necessary actions once it found out about the situation. The claim that NordVPN was hiding information about the breach for more than one and a half years is completely wrong.
Key facts about the server breach
- Only one server (out of 5108 total) was affected. No user data (such as emails, passwords, browsing history) was taken.
- The breach happened because of poor server configuration on the provider's side. The company says it was not notified about the situation.
- There are no signs that the intruder monitored or had access to the traffic that was going through that server at the time.
- The breach and everything that happened afterwards clearly showed that NordVPN has a complete zero-log policy. The affected server did not contain any user activity logs.
Should you continue using NordVPN?
Well, the situation that NordVPN users are now in is pretty difficult, but the TL;DR answer is YES.
When a company that loudly advertises its security and privacy features is involved in a situation like this, users may have all sorts of thoughts. However, as the facts have already shown, none of the NordVPN users or their data was compromised. As we already mentioned, the breach clearly demonstrated and confirmed NordVPN's zero-log policy, and that is a great thing.
The company also released a new blog post with future plans to improve its overall security. Here's the short version of it:
- Partnership with a top cybersecurity and penetration testing consulting firm. That means more transparency and higher security standards.
- Bug bounty program. People with good technical expertise will have a chance to report bugs and get a reward for it.
- Infrastructure audit. Although NordVPN already had an official PwC audit, there will be another full-scale audit made by a third party.
- Diskless servers. All of the current NordVPN servers will be moved to RAM servers. This means that none of the information will be stored locally and NordVPN will have its own independent infrastructure.
We believe that NordVPN has definitely learned its lesson and will improve its infrastructure. We would not recommend an unreliable product, and NordVPN is truly a great service. However, as the company spends that much money on its marketing, it should be able to invest an even bigger amount of cash in improving its infrastructure.
Although this “hack” is the last thing anyone would want, we think that this server breach was a good lesson not only for NordVPN and TorGuard (which was affected in the same way as NordVPN) but for all VPN providers on the market. Companies should realize that user security should be the #1 task on their priority list.