NordVPN Data Breach: What Lessons Can Be Learned?

The VPN market is growing exponentially, with analysts suggesting that the revenue will cross $35.73 billion by 2022. Over 25% of users surf the internet with a VPN at-least once a month.

TechCrunch, recently disclosed that NordVPN had suffered a security breach on a server they launched back in 2018.

NordVPN disclosed information about the breach. The hacker gained access to the server by acquiring a TLS encryption key. It was also disclosed that the breach was in fact an isolated breach and no other services offered by NordVPN were affected by it.

Here’s everything that you need to know about the breach.

When did the NordVPN breach actually occur?

The actual timeline begins a year back. In January 2018, NordVPN deployed the server that later got hacked by perpetrators in March of 2018. However, the breach was stopped by the dawn of the 20th March.

There were notified of the breach by the data center on April 13th, 2019 and the server was brought down immediately, as disclosed by NordVPN.

What caused the NordVPN server-breach?

Disclosed information suggests that the server was breached due to an insecure remote management system left by the data center. NordVPN was unaware that a system like this existed.

NordVPN is famous for its no-log policy, did the hack prove that the VPN provider doesn’t keep any logs? Well, it did. The server breached had no logs nor it contained any sensitive credentials of users’.

What services were affected by the NordVPN breach?

The server affected by the breach was hosted in Finland. NordVPN confirmed that it was the only server that was affected during the breach. Furthermore, the vendor also assured that no other services were affected during the time period.

NordVPN revealed that the exploited server can’t be used in any way to gain access to other VPN servers and or user-credentials.

Other than that, the service provider assured that there’s no way the breacher could’ve monitored any activity of the clients connected to the server and wasn’t able to intercept the credentials.

Security-researchers argue that the VPN provider should’ve been aware of the vulnerable system inside the data center. Some even criticize that the VPN provider spends millions on marketing but couldn’t keep a server secure.

Lessons for a VPN provider

NordVPN was not the only brand that was breached. It is important for providers to learn from their mistakes.

VPN providers should be aware of any systems that can be exploited to gain unauthorized access to a server. They should refrain from using third-party services to further improve their security.

By wiping out the third-party risks, a VPN provider makes the services it offers, more secure. However, this doesn’t mean that it can’t be hacked. Implementation of other measures to find out vulnerabilities in the system is required.

In order to prevent critical vulnerabilities from being exploited, VPN providers should consider initializing a bug bounty program.

The solution to a problem may differ from one person to another, which is why it is the most affected way to sniff out vulnerabilities in your infrastructure. Variations in skill level and intelligence can provide different perspectives in any field.

How users can improve security on there end?

The hacker exploited a vulnerability that was tied to an insecure server. Even though the only thing affected in the aftermath was the server. There’s no guarantee that your credentials will remain secure if a second breach occurs.

According to NordVPN, there were only a small number of people using the vulnerable server. Out of millions of users, the number of consumers that were connected to the Finnish server was 50-200.

Let’s keep that aside, what if the database was the one that was affected by the breach. With access to sensitive credentials, the hacker will have the capability to monetize and profit off of it.

In order to keep your credentials safe and your presence anonymous. Here are some methods that you can implement on your end.

  • Two-Factor Authentication (2FA)
  • Privacy Extensions
  • Anonymous Browsers

Two Factor Authentication

Two-factor authentication is one of the most recommended measures to keep credentials secure. It’s extremely useful in a database breach.

With two factor authentication enabled you do not have to be concerned about your credentials being used against your will. Even though the credentials are exposed but they are useless as access can’t be gained to your account without another authentication.

The second authentication is usually done by sending a notification request on your phone or through the email. If you were not the one to log-in you can deny the request and change your password.

Benefits of 2FA

  • The first benefit of two-factor authentication is self-explanatory. It provides an added layer of security. The chances of identity theft are brought down to a minimum.
  • Secondly, 2FA increases productivity and flexibility. Enterprises are rapidly embracing 2FA in their infrastructure as it contributes to higher productivity.
  • With 2FA employees are able to access applications, data, and documents virtually. All without risking the corporate network and the sensitive information it withholds.

Privacy Extensions

Even though Virtual Private Networks (VPN) are enough to fulfill the security and privacy aspect of browsing the internet. No-logs were

Privacy and security are huge aspects that can’t be ignored on the internet. Privacy extensions can help increase security and privacy on the internet, in case of an insecure VPN server.

It’s better to be safe than sorry. Privacy extensions are available on all the operating systems and different browsers. Having an extra layer of privacy is recommended rather than relying on VPN to do its job.

Out of all the privacy extensions available on the internet. These extensions will take care of your privacy and security needs on the internet. Learn why these extensions are the best for privacy online.

  • uBlock Origin
  • Privacy Badger
  • HTTPS Everywhere
  • Self-destructing Cookies
  • Decentral Eyes

Use of Anonymous Browsers

If you’re not aware of it already, the browsers that you use right now are sending data to Google and various other search engines. The data is analyzed to serve targeted ads and track your activities on the internet.

Using anonymous browsers can help you get rid of monitoring through the browser. Anonymous browsers do not come packaged with encryption tools. Instead, they offer privacy extensions and a huge relay of servers to route your connection through.

The Tor browser is famous for providing anonymity online. However, if the rumor that lurks around Tor annoys you, you can switch to the different alternatives of Tor.


As of right now, NordVPN has decided on launching its own bug bounty program. Even though the damage wasn’t that critical. It was about time that the company started testing its infrastructure.

There are a majority of internet users that are depending on the security and privacy features provided by the VPN. The breach proved that secure VPN providers are easily exploitable. It is important to have a backup plan to keep your presence online, secure and private.

2 thoughts on “NordVPN Data Breach: What Lessons Can Be Learned?”

  1. The mentioned disclosed information from NordVPN seems to be a good and in depth explanation on the breach itself. I was on the fence when choosing a VPN, as this topic has just popped up, but going to Reddit and reading a bit on I felt a little bit at ease. Wouldn’t quote or read biased reviews on the event though, better to double check what real consumers are saying.

  2. Pretty decent explanation. Thank you for that. I guess most of VPN companies should be aware of these issues as well since the customers all around the world getting suspicious about everything that concerns online privacy. Since nowadays the situation is pretty difficult because of coronavirus and other matters and more and more people are working from home it’s crucial to stay safe online so private data won’t be leaked so I guess many people are looking for secure ways to connect to the internet and internal sites which can also be done while using proxy services such as smartproxy, netnut,microleaves or any other provider that can offer secure connections.


Leave a Comment