Personal virtual private network provider NordVPN has disclosed a security breach that affected one of its servers in March 2018. The impacted data center was located in Finland, according to the company, which says its server didn’t contain login credentials or activity logs, but that the attacker may have been able to see the sites some customers were accessing.
Personal VPN services are a fairly inexpensive way for consumers to protect their privacy, get around geo-blocks, and more. Though there are many ordinary reasons to use a VPN, these services may also be used by some individuals who face risks if they get caught sharing certain content, such as information that may be critical of certain governments.
For these reasons, VPN security is of the utmost importance for customers, making the newly disclosed security lapse that impacted NordVPN concerning. News of the issue first surfaced over this weekend from security researchers, prompting the company to publish a statement explaining exactly what happened.
According to the company, NordVPN learned about the data breach ‘a few months ago.’ The issue involved a data center in Finland, where an unnamed attacker was able to access the company’s server using an ‘insecure remote management system’ that NordVPN said it wasn’t aware of. After learning about the issue, the company says it terminated its contract with the server provided, get rid of the servers it was renting from them, and kicked off an internal audit of its full infrastructure.
A stolen encryption key may have allowed an attacker to conduct a man-in-the-middle attack, something that would have only been able to target a single person at a time. Data taken from the compromised server couldn’t be used to decrypt the user traffic on any of the company’s other servers. Ultimately, the security breach would only have potentially impacted a small number of users who connected through that server.