Geekzone: technology news, blogs, forums

255 posts

Ultimate Geek

# 259811 23-Oct-2019 10:59

This is kind of a big deal because a lot of YouTubers like JayzTwoCents promote NordVPN on their YouTube channels, so it will be interesting to see how they handle this.


NordVPN is one of the VPN (Virtual Private Network) providers based in Panama. Security researchers disclosed that one of the exit nodes of its network was hacked. An “exit node” is the part of the service that masks the user’s IP address. NordVPN claims a “zero log” policy. “We don’t track, collect, or share your private data. It’s none of our business,” NordVPN says on their website.

The breach was done by exploiting a vulnerability of one of their server providers. According to their statement, “No user credentials have been intercepted. No other server on our network has been affected. The affected server does not exist anymore and the contract with the server provider has been terminated.” NordVPN said that one of its data centers was compromised in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said one of NordVPN’s representatives, Laura Tyrell.

To make it worse, they only revealed getting hacked after someone literally published their private key on Twitter.

The attacker exploited an insecure remote management system left by the data center provider, which was active for about a month. The company said that it was unaware that such a system existed. The data center was based in Finland. Later they disclosed that the data center provider was a Finnish company called Oy Creanova Hosting Solutions Ltd. It is such a shame that a VPN provider which claims to protect users’ data isn’t aware of its data centers. But Creanova’s CEO, Niko Viskari, blamed NordVPN in an email: “They had a problem with security but because they do not take care of security by themselves, Nord was trying to put this on our shoulders.”

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN,” said one of the spokespersons.

They claimed to have revealed about the breach a few months ago, but they said that the breach was not disclosed because NordVPN wanted to be “100% sure that each component within our infrastructure is secure.” NordVPN said “no other server on our network has been affected.”

Security researchers said, “While this is not confirmed and we await further forensic verification, this is an indication of a full remote compromise of this provider’s systems. That should be deep trouble to anyone who uses or promotes these particular services.”

Security researchers warned that the company was paying no attention to the larger issue of the attacker’s possible access to the network. The researchers said, “Your car was just stolen and taken on a joy ride and you’re quibbling about which buttons were pushed on the radio? They spent millions on ads, but apparently nothing on effective defensive security.”

Some security researchers said it was hard to determine if attackers obtained user’s because the company does not collect logs of their server activity, which was actually their selling point. “I think that the worst case scenario is that they could inspect the traffic and see what kind of websites you could visit,” Okman said. He said that the company was late to inform its users about the 2018 breach because they had to verify if their 5,000 had the same issue.



313 posts

Ultimate Geek

Lifetime subscriber

  # 2342434 23-Oct-2019 12:57

Mr TwoCents has made a statement/video

2176 posts

Uber Geek


  # 2342451 23-Oct-2019 13:27



1522 posts

Uber Geek

  # 2342474 23-Oct-2019 14:27
One person supports this post

I would never buy anything a YouTuber promotes anyway, most of them probably don't even understand the product they are advertising and just want the money.




