Hacker Breached Servers Belonging to Multiple VPN Providers
A threat actor has obtained access to servers belonging to NordVPN, TorGuard, and possibly VikingVPN. NordVPN acknowledged that it suffered a data breach in March of 2018 in which a threat actor obtained private keys used by the firm for securing its web servers as well as VPN configuration files. Sophisticated attackers could have used the private keys to carry out man in the middle (MiTM) attacks allowing them to eavesdrop on encrypted communications. The VPN giant blamed the incident on an “insecure remote management system” used by one of the firm’s datacenter providers in Finland.
TorGuard also admitted it suffered a breach, but said the incident only affected an insignificant private key that hasn’t been valid since 2017. While a hacker recently claimed to have accessed the servers of VikingVPN as well, the company has so far declined to comment on the alleged breach.