NordVPN confirms data center breach

NordVPN, a well known virtual private network said on Monday that there was a was data breach in 2018. The company said that the impact from the hack was insignificant so far, but it plans to upgrade its security setup.

The VPN company announced the March 2018 data breach on Monday, and it was reported earlier by TechCrunch. An illegal user got access to a lone server in a Finland data center that NordVPN was leasing from an unnamed provider, which did not reveal the hack. NordVPN mentioned that no passwords or username were intercepted.

Technicians at the organization discovered an account of the data breach a few months ago, which led to a security examination. The VPN provider said it discontinued its contract with the data center and confirmed that none of its servers could be accessed in the same manner. In a press release on Monday, the company said “We are taking all the vital means to strengthen our security. We have undertaken an application security review. We are also working on another no-logs audit right now. And we are planning a bug bounty plan.

We will do all we can to maximize the security of each phase of our service. We will launch an independent external audit of our infrastructure next year, to make sure that nothing is left out.”

A member of NordVPN’s tech advisory board, Tom Okman, told CNET that NordVPN is advancing its standards for the data centers it has contracted with. Okman said they accept that better methods could have been applied.

Okman said, “We are now undergoing an internal audit, so we are likely to set higher requirements for them, just to confirm that this incident will not happen again in the future,”.

Okman blamed the long delay in verifying the leak to an exhaustive review of NordVPN’s infrastructure.

He said, “We had to contact multiple centers around the world, to audit and confirm that there was no unverified account on any other server”.