
NordVPN refutes breach, calls leaked data “dummy”

Originally published on: January 6, 2026
Summary

– NordVPN denied a breach of its internal systems, stating that stolen data was “dummy data” from a trial account on a third-party testing platform.
– A threat actor had claimed to steal databases containing sensitive information like API keys by brute-forcing a NordVPN development server.
– The company clarified the stolen data came from an isolated, temporary test environment with no connection to its production infrastructure or customer data.
– This incident contrasts with a confirmed 2019 breach where hackers gained root access to NordVPN servers and stole private keys.
– Following the 2019 breach, NordVPN launched a bug bounty program, underwent a third-party audit, and announced plans to upgrade its server infrastructure.

NordVPN has firmly denied recent claims of a data breach, stating that information leaked by a threat actor consists entirely of fabricated “dummy data” from an isolated, third-party testing environment. The company clarified that this environment was used months ago during a preliminary trial with a potential vendor and was never connected to its operational infrastructure.

Over the weekend, a hacker using the alias “1011” posted on a cybercrime forum, boasting about stealing more than ten databases from a NordVPN development server. The actor claimed the data included sensitive items like Salesforce API keys and Jira tokens, allegedly obtained through a brute-force attack on a misconfigured server.

NordVPN’s investigation tells a different story. According to the company, the compromised information came from a temporary test setup used to evaluate an automated testing platform. This test environment contained only non-functional placeholder data for checking software features. No actual customer information, business data, or live credentials were ever present in that system.

“The leaked elements can only be artifacts of an isolated third-party test environment,” a NordVPN representative explained. “We ultimately chose a different vendor and did not proceed with the one we tested. The environment in question was never connected to our production systems.”

The company confirmed it never signed a contract with that specific vendor and has since contacted the provider for more details. It emphasized that the incident poses no risk to users or NordVPN’s services.

This event serves as a reminder of NordVPN’s past security challenges. In 2019, the company experienced a genuine breach where hackers accessed servers, gaining root privileges and stealing private encryption keys. That incident prompted significant security upgrades.

In response to the 2019 breach, NordVPN launched a bug bounty program, underwent extensive third-party security audits, and committed to a major infrastructure overhaul. The company announced plans to transition its entire network to proprietary, owned servers and upgrade all hardware to more secure RAM-based systems. While the current situation appears to be a false alarm, it highlights the ongoing scrutiny and high-stakes nature of cybersecurity in the VPN industry.

(Source: Bleeping Computer)
