Popular VPN service NordVPN confirms data center breach
The VPN company released details on Monday of the March 2018 data breach, reported earlier by TechCrunch. An unauthorized user accessed a lone server in a Finland data center that NordVPN was renting from an unnamed provider, which apparently didn’t disclose the hack. NordVPN says no username or passwords were intercepted.
Techs at the company found an account of the data breach a few months ago, which led to a security audit. The VPN provider said it canceled its contract with the data center and verified that none of its servers could be accessed in a similar fashion.
“We are taking all the necessary means to enhance our security. We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program,” the company said in a press release Monday. “We will give our all to maximize the security of every aspect of our service, and next year we will launch an independent external audit … of our infrastructure to make sure we did not miss anything else.”