NordVPN Addresses Server Breach

NordVPN recently disclosed a server breach that occurred in March of 2018. In the breach, hackers stole encryption keys, compromising an internal signing certificate private key. The company claimed that the incident was the fault of a third-party data center, according to a blog post on their website. One out of NordVPN’s 5,000 servers, located in Finland, was accessed by a hacker, but the company claims that no customer data was affected or accessed, as the server didn’t contain any logs of user activity, passwords, or usernames.

Related: NordVPN Review 


The company is taking five steps to strengthen NordVPN’s security:

  • Partnership with VerSprite: Cybersecurity consultants at VerSprite will perform penetration testing on NordVPN to find vulnerabilities before hackers, along with providing vendor risk assessment and source code analysis.
  • Bug bounty program: If cybersecurity experts find potential flaws and report them to NordVPN, they will get a “well-earned payout,” according to the blog post.
  • Infrastructure security audit: The company is having a third party audit their security independently next year, which will include infrastructure hardware, VPN software, internal procedures, and backend source code and architecture.
  • Vendor security assessment plus higher security standards: NordVPN will build a network of collocated servers exclusively owned by NordVPN, making breaches from third-party server providers impossible.
  • Diskless servers: Finally, NordVPN will upgrade all of their servers to RAM servers so nothing is stored locally. Rather, the data will be stored in a centrally controlled network.

Mark Thompson, Vice President of Product Management at Keyfactor, a cybersecurity vendor, believes this breach could have happened to any VPN company, as most VPNs rely on third party data centers. When shopping for a VPN, users should look for where the servers are located and the data policies in that country, he said in an interview with Security Baron. Thompson continued,

“Many consumers don’t know where their data is being routed to. While Europe has strict data regulations, not all countries do. I would recommend using a VPN company based in the United States or Europe where there are regulatory guidelines.”

Aliza Vigderman

Aliza Vigderman

Aliza is a journalist living in Brooklyn, New York. Throughout her career, her work has spanned many intersections within the tech industry. At SquareFoot, a New York-based real estate technology company, she wrote about the ways in which technology has changed the real estate industry, as well as the challenges that business owners face when they want to invest in property. At, an education technology website, Aliza created digital content for lifelong learners, exploring the ways in which technology has democratized education. Additionally, she has written articles for The Huffington Post as well as her own content on Medium, the online publishing platform. Aliza’s love of journalism and research stems from the excellent Journalism program at Brandeis University. At Brandeis, Aliza interned as a research assistant at the Schuster Institute for Investigative Journalism, a non-profit “news room without walls”. There, Aliza was paired with an investigative journalist and used academic databases to obtain data on everything from the suicide rates in Bhutan to local Boston court cases. Her last position was as an account executive at Yelp, educating business owners on the power of technology to increase revenue. Throughout, however, her heart remained with tech journalism, and she’s thrilled to be writing for Security Baron. When she’s not keeping afloat of the latest tech trends, Aliza likes to cook, read, and write. A former high school “Class Clown,” Aliza has completed two feature-length screenplays, a pilot, and countless comedic sketches. On her days off you can find her relaxing in Prospect Park, trying the latest flavors at Ample Hills Ice Cream, and spending time with friends and family.

Trending News

Follow Us