NordVPN hacked.

[VirtualLarry]

Q. Who's triumphantly slamming barn door shut after horse bolted at warp 9? A. NordVPN

Pentests, audits, and RAM-only servers part of lockdown plan

www.theregister.co.uk

 

[GibbyPruchesi]

Everyone is in full panic mode over this breach (which shouldn't even be called a hack) even though it's only one server out of thousands. I do agree that they could have communicated it better but it's good to see that they're planning all of these substantial improvements to their service. Other vpn providers should take notice as well.
I still think that NordVPN is a good service, everyone just has to decide for themselves if it's the right choice for their use cases.

 

[Bulldog21]

i don't use them, so I don't really care, but Facts about breach is a good article in my opinion, at least without harsh loving nord or hating nord. a neutral one.

 

[gerald95]

I think that people made a bit too much of a big deal over this breach. Sure, it happened, but it wasn't that major.

 

[Terabyte 11]

That doesn't change the fact that they lied to all their customers about it for a year and a half. If it's such a minor breach, it shouldn't be a big deal to warn their customers it happend.

 

[killster1]

That doesn't change the fact that they lied to all their customers about it for a year and a half. If it's such a minor breach, it shouldn't be a big deal to warn their customers it happend.

So what company do you use? a few of them have been hacked lately

im sure they wanted to make sure nothing else was compromised before announcing the hack. Even tho yes they did get some sort of middle man hack. the encryption was not defeated no ones data could be read, it was one server in finland?i forget.. from a 3rd party datacenter that had some remote link software running unknown to nordvpn... i use nordvpn and PIA and have no worries at all about it. Of course im not doing anything illegal or immoral, just worried about the government or isp spying / throttling / i dunno just for fun encrypt it is my motto. They use some pretty fancy encryption you can even tor / vpn at the same time or double vpn if you feel the need..

"it doesn’t keep user logs and that it wasn’t possible to use the keys to decrypt regular VPN traffic or previously recorded VPN sessions."

 

[Terabyte 11]

So what company do you use?

I'm using Surfbouncer but how is that relevant to Nord getting hacked?

I'm sure they wanted to make sure nothing else was compromised before announcing the hack.Even tho yes they did get some sort of middle man hack. the encryption was not defeated no ones data could be read.

I could understand it if they waited a week or even a month. But a year and a half is beyond just making sure nothing else is compromised. The article I read on arstechnica said the hackers got their encryption keys which sounds to me like defeating their encryption.

As for PIA, I can't really comment on them since I haven't ever tried them.

 

[killster1]

I'm using Surfbouncer but how is that relevant to Nord getting hacked?


I could understand it if they waited a week or even a month. But a year and a half is beyond just making sure nothing else is compromised. The article I read on arstechnica said the hackers got their encryption keys which sounds to me like defeating their encryption.

As for PIA, I can't really comment on them since I haven't ever tried them.

link to article saying they got the encryption keys? just curious what your service is im sure they all have been hacked in some sort of way through out the years. ya i didnt actually hack it so i dont know what information they got or didnt get. just know what the 3 articles i read said just the middle man bs on one server and they could not read any data. ill check out surf bouncer not sure when my nord expires maybe in another year or this year or in two years i forget.

 

[Terabyte 11]

link to article saying they got the encryption keys?

Hackers steal secret crypo keys from Nord
I also ran into this while I was getting the link. I Haven't read it yet so I don't know how major it or isn't is but I figured I'd add it while we're on the subject.
Nord users passwords exposed in credential surfing attack

just curious what your service is im sure they all have been hacked in some sort of way through out the years

I suppose there's no way to know for sure, but I researched them extensively when I started using them and couldn't find anything.

 

[killster1]

Hackers steal secret crypo keys from Nord
I also ran into this while I was getting the link. I Haven't read it yet so I don't know how major it or isn't is but I figured I'd add it while we're on the subject.
Nord users passwords exposed in credential surfing attack


I suppose there's no way to know for sure, but I researched them extensively when I started using them and couldn't find anything.

digital certificate that provided HTTPS encryption for nordvpn.com.

does that mean haxors could read all the data with these keys or just for https on nordvpn.com? really doesnt sound like they had full access to everyones data and passwords etc. ya its total bs not to tell customers but of course why would they want to lose customers ;P i know about it and most likely would still use them in the future, they are not fast at all but it is handy and updated often enough to handle my non life threatening data. im not working on a cure for cancer or anything but yes it does suck they only admit it after being called out. do i blame them for this practice, nah who likes to admit problems!?

 

[Terabyte 11]

do i blame them for this practice, nah who likes to admit problems!?

Well I don't think it's so much about wether they like admitting it so much as the fact that an honest company should, even if it hurts. Even more so if their willing to lie about that, what else could they be lying about, for all we know the hackers got more than anyone knows about and they're just admitting to the smaller amount people have heard about already.

 

[HoneyPotter]

Hi,
In alignement with the previous breaches, I wanted to share what look likes a hack on my Windows 10 VPN app, ver 6.28.13.0. I've read the previous messages and found nothing explaining what happened...

So, on my Windows 10 PC, the NordVPN app is launched during the startup and asks for the password, set at blank. My registered email for NordVPN was automatically filled. The real password is strong enough to not be cracked.
And what's totally weird is that any not blank password was allowing the connection to VPN servers. I've checked that not trying to connect, my IP was as expected the normal no-VPN one.
It was so weird that my teenager kids made fun of it last week-end, typing crazy passwords and it connected well each time. By the way, my son told me not nice things about my VPN provider. I almost forgot the password after weeks connecting with anything but a blank, like "1" or "a".
This morning, I've made searches on the Web to find out what happened and after weeks of dysfunction, it worked again (WTF!), without any update. And it asked my for allowing an update.
I had a live chat with NordVPN an hour ago, the guy told me that he never heard about something like this. Asked him if it was possible with a local hack... he had no clue ("let's say it's a glitch").
The antiviruses as BitDefender or Kaspersky found nothing when the "glitch" was active. And I have not enough technical knowledges for understanding what happened.

If someone has any clue, I would be grateful to help me know if it could have only been a weird glitch, because that's not very reassuring about NordVPN.

 

[Chiefcrowe]

That's odd! Can you try to change the password to a different very long and complex one, from a known good other PC?

Then, make sure that the pw is stored securely only on a password manager program?

 

[HoneyPotter]

Yes, I'm gonna change the password from another device and adopt a pw manager.
Still have no clue about what exactly happened. Will come back if I have some valuable new information.
Thank you.