NordVPN Confirms 2018 Security Breach

NordVPN has confirmed that hackers gained access to their servers in March 2018. While the company insists that attackers could not manipulate users’ personal data, unnamed cybersecurity sources cited by TechCrunch have called this claim “questionable” and criticized the service for not doing enough to protect user data.

Details of the Incident

The compromised server contained a remote management system left by the data center provider. NordVPN stated that they were unaware of this system’s existence. According to company representatives, “No user activity logs were stored on the server; none of our applications sent user-created authentication credentials, so logins and passwords could not have been intercepted.”

Company Response

NordVPN reported that they learned about the breach “several months ago,” but chose not to disclose it publicly until now because they wanted to be “100% sure that every component in the infrastructure is secure.”

Expert Criticism

An anonymous cybersecurity expert warned that NordVPN is ignoring a broader issue—the possibility that attackers could have accessed other company systems. “Your car just got stolen and you’re arguing about which buttons they pressed on the radio?” the expert remarked. “NordVPN spent millions on advertising, but apparently did nothing to ensure effective protection.”

Sources and Further Reading

• Other channels and partners available for more information