Skip to main content

One of the world's most popular VPNs just admitted to a major security breach

VPN
(Image credit: NordVPN)

In a worrying development for privacy-conscious internet users, one of the world's most popular VPNs (Virtual Private Networks) has admitted to being hacked.

NordVPN, often ranked among the best VPN services, has confirmed that it suffered a security incident back in March 2018.

The company said in a recent blog post that it had been aware of a breach arising from an insecure remote management console at one of its data centers for "a few months".

The VPN provider added that it chose not to publicly disclose this due to concerns its entire "infrastructure could be prone to similar issues".

What did the NordVPN hack expose?

According to NordVPN, the early-2018 incident left some parts of its users' search history unprotected – though the firm maintains that details such as activity logs, usernames and passwords remained secure thanks to its encryption protocols.

It added that the breach was confined to a single data center in Finland – meaning that just one of the "more than 3000 servers" it utilized was affected, in the firm's own words – and that it had since severed ties with the partner in question.

"The expired TLS key was taken at the same time the datacenter was exploited. However, the key couldn’t possibly have been used to decrypt the VPN traffic of any other server," NordVPN said in a statement.

The popularity of Virtual Private Networks has grown in recent years as web users look to secure their online activity from tracking by advertisers, governments, and other third-party organizations.

Those looking for an alternative to NordVPN should check out our ExpressVPN review to learn about why we rate it the top VPN for most people.

More web security guides: