Reports are going around that NordVPN has been compromised. The data hacked. Your information? Not quite as safe as you thought.

Podle TechCrunch the breach took place back in March of 2018, when an unauthorized individual accessed a server that NordVPN was renting from out of Finland.

The attacker made use of a remote management exploit at the data center in order to bypass internal security measures.

The article notes that the breach was only discovered by NordVPN a year later, just a few months ago. They only decided to inform the general public (and their customers) on October 21st, 2019 because they wanted to be sure about the information they had regarding the breach.

The details on the breach and how it came about was also recently discussed by JayzTwoCents.

VPNs are usually used to get around regional firewall blockades, or to bypass government mandated restrictions to access certain sites, or just to retain your privacy while browsing the net.

Oftentimes people feel as if they’re only truly safe surfing their way across the web when using a virtual private network, but in this case it was just the opposite. Their data was not safe and they were not protected from the potential threats they were getting away from by signing up with NordVPN.

The articles don’t discuss who the attacker was or what their main goal was, but it’s pretty obvious that since it worked this time expect others to follow suit if they want to compromise other VPN services.

It might seem out of the way to infiltrate a data center and implement remote management software at the source, but then again that was one of the plot lines from the show Mr. Robot. And despite it seeming like ridiculous fiction, it turns out that such a scenario became a reality for NordVPN.

(Thanks for the news tip Johntrine and Tim_At_Where)