When people want to get around firewalls or blocked services, they use a service such as NordVPN. These services generally give you a different IP address and keep your browsing history away from prying eyes.
NordVPN has disclosed one of their servers was breached, back in March 2018. If you are wondering why we are just finding out now, they were renting a server from a third party – which originally didn’t disclose the breach.
When we learned about the vulnerability the datacenter had a few months back, we immediately terminated the contract with the server provider and shredded all the servers we had been renting from them. We did not disclose the exploit immediately because we had to make sure that none of our infrastructure could be prone to similar issues. This couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure.
Thankfully, no personal data was collected. Since the breach, NordVPN has canceled its contract with the service provider and has made additional security checks on its own servers. During its checks, they found no other issues. The problem was with the server provider themselves, who failed to alert the company of the data breach.
This wasn’t the only data breach we have seen this month. A few weeks ago, millions of Brazilian citizen records were stolen.