Was NordVPN hacked or is it false? What Reddit has to say

Ethan Douglas
5 min read · Oct 23, 2019

Recently, information about one of the most popular VPNs being hacked surfaced on the Internet. The story began when TechCrunch published an article that was full of empty and unjustified claims that NordVPN does not invest in security at all. At the same time, TechCrunch failed to disclose that it is owned by Verizon, a company that has its own VPN service. That VPN service is a competitor of NordVPN, which explains the harshness of the article. Social media, news websites and the biggest media outlets wrote about how “NordVPN was hacked” and “NordVPN confirms it was hacked”, and used similar titles to get more user reach and traffic to their websites. However, most of the information was quickly shared on Reddit.

We have gathered and systematized all the information regarding this topic that we found on Reddit. We also checked what security experts say about NordVPN’s case. Reddit has divided itself into 2 camps: it seems that some Reddit users have jumped on the clickbait wagon (strange that even those who present themselves as security experts have done so), while others say that calling this a “hack” is way too generous.

Summary of the basic concerns expressed by active Redditors:

  • The biggest concerns come mostly not from the incident itself or the fact that it happened, but from the company not saying anything for almost a year, as the server was affected in March 2018.
  • Many questions were raised about whether the VPN can be trusted: if they knew about the incident, why didn’t they inform their users? Maybe the company doesn’t care? What other information is kept from the user base?
  • Some users were disappointed that NordVPN shifted the blame entirely onto the datacenter provider, thus not taking responsibility for its own part.
  • Users could not believe that the VPN provider didn’t know anything about the incident and questioned the importance it places on privacy.

Positive responses from Reddit regarding the incident:

  • A lot of tech-savvy users stepped up to carefully explain in detail how this issue could only affect a very small user base, as well as how minimal the damage could have been.
  • Others wrote about how no VPN provider is 100% safe from these kinds of accidents and that it’s nice to see NordVPN talking about it and not sweeping it under the rug.
  • Some users explained how they still trust the company because its services were recently audited and its no-logs policy is in place.
  • Users stood up for NordVPN, saying that it gets too much negativity, especially knowing that a few other VPN providers were affected by this setback as well.
  • Some raised questions about TechCrunch in particular, as the news website wrote a misleading title — users deduced that TC might have written a questionable article about the occurrence due to being owned by Verizon, a company that has launched its own VPN some time ago.

What do security experts have to say about NordVPN’s incident?

  • The attacker who exploited the server located in Finland got hold of TLS keys that could have been used to attack users in a man-in-the-middle (MITM) attack. However, the said private keys cannot be used to decrypt any user traffic.
  • The TLS keys that were found were already expired, minimizing the damage that could have been done. Moreover, an attack would require extraordinary access to compromised user devices, which would be very difficult to get ahold of, not to mention the difficulty of executing the attack.
  • User credentials were not affected in any way.
  • Only one server was affected, and as NordVPN has a no-logs policy, no user activity logs were found. The company encrypts the RAM of every new server, thus tightening its security.

Is NordVPN safe to use?

Yes, and here’s why:

  • It’s always better to choose a big, well-known VPN service provider, even if a minor accident happens to it, rather than a small and unknown player who has no control at all.
  • NordVPN wrote in their official statement that as soon as they learned about the accident and the vulnerability that was found, they terminated the contract with the datacenter provider, ceasing all future relationships.
  • The server that was affected was immediately shredded, meaning that the server was disposed of and made inactive.
  • The case was isolated: only one server was affected.
  • The VPN launched an internal audit of their infrastructure to check whether any other server could be vulnerable to exploitation.
  • NordVPN launched an application security audit, is now preparing a bug bounty program, and is also working on a second no-logs audit.
  • NordVPN is painted in a negative light on Reddit, especially with so many shared articles and comments from users who are not that tech-savvy and are easily affected by the media. The articles themselves are clickbait and use questionable titles to get more traffic, further scaremongering those who did not understand the situation clearly in the first place. Unfortunately, many users only read the headline, and those who aren’t well versed in the technical side might not have really known or understood whether the incident affected them and whether it was serious or not. It is important to take all the information with a grain of salt, but this situation seems blown way out of proportion.

Ethan Douglas

Specialist in all things cyber security and related matters