NordVPN Confirms It was Hacked
NordVPN, a virtual private network provider, confirms that it was hacked in March 2018. The company says the breach exposed the browsing habits of customers who were using the VPN service to keep their data private. The company says the server, located in Finland, did not contain activity logs, usernames, or passwords. But the attacker would have been able to see what websites users were visiting during that time, a company advisor said, although the content of the websites likely would have been hidden due to encryption.
Over the past couple years, NordVPN has become a lot more popular as it’s gone on a heavy advertising push. The company has sponsored many podcasts and YouTube creators. NordVPN ads often appear in the middle of podcasts and you can often find a YouTube host pausing to talk about how NordVPN can protect your privacy by masking your browsing habits. This server breach could detract from that promise for potential customers.
Tom Okman, a member of NordVPN’s tech advisory board stated, “Potential attackers could have gotten only into that server and only intercept the traffic and seen what websites people are browsing — not the content, only the website — for a limited period of time, only in that isolated region.” In a blog post this morning, NordVPN said it has known about the breach for “a few months,” but did not immediately disclose the problem because the company wanted to audit the rest of its systems.