NordVPN Users Narrowly Escape a Massive Data Breach Author: Jimmy Aki Last Updated: 22 October 2019 NordVPN, one of the most popular Virtual Private Networks and Internet anonymity tools on the Internet, has revealed some disturbing news that could undoubtedly give its crypto using customers some cause to worry. The VPN service confirmed that it was hacked, in an attack that saw the perpetrators steal encryption keys that can now be used to launch decryption attacks on some of its customers. VPNs and their increased appeal VPN service providers have been especially popular among people who will like to hide their identities while they browse certain sections on the Internet. They channel all of your Internet traffic through an encrypted channel, thus making it difficult for anyone on the Internet to see the sites you’re visiting or the activities you’re engaging in. Besides Dark Web criminals, many in the crypto space have also been known to use VPN services to mask their locations while transacting and sending their crypto assets. NordVPN has continued to be one of the most popular and widely used VPN service providers, but now that its security has been compromised, customers might be looking to get their anonymity elsewhere. Company policies avert a data breach According to a log of the commands which were used in the attack, it would appear that the hackers were able to gain root access, essentially getting almost complete control over its servers. With this access, they were able to read and change just about every form of data that was on the servers. One of the private keys stolen was used to secure a digital certificate that provided encryption for nordvpn.com. The security breach is said to have occurred back in March 2018, and the fact that the stolen keys shouldn’t have expired until October 2018 means that attackers could have used the compromised certificate to impersonate the VPN service and get information from its users. It is worth noting that NordVPN currently maintains a “zero logs policy.” In its company policy sheet, it reads, “We don’t track, collect, or share your private data.” However, the fact that the hackers could still get the company’s security keys and certificates are sure to alarm its users nonetheless. While the Finland based data center quietly fixed the security breach, the hacker was said to have also stolen a NordVPN Transport Layer Security (TLS) key, which was used to encrypt traffic from the browsers of customers top the company’s website. However, the key was never used to encrypt user traffic on the server. The TLS key theft opened the door for a “man in the idle attack,” which would have exposed user traffic to the hacker. However, operating such a scheme would have required some other steps, such as creating a fake NordVPN client and tricking users into making use of it. As for the implication of this on cryptocurrency traders and those who access their crypto wallets through NordVPN, this isn’t much of a cause for alarm. Nord has assured users that they don’t collect logs, but the prospect of attackers using these keys to create an impersonation of NordVPN also means that they could set their parameters and steal the data of unsuspecting users. Considering how prominent security breaches have been in the crypto space this year alone, it is imperative that cryptocurrency users stay secured.