NordVPN Admits 'Isolated' Data Breach Was Discovered Last Year (Oct 21, 2019)
NordVPN was impacted by an attack on a Finnish data centre in 2018. NordVPN now admits to the intrusion but states that usernames, passwords and user activity logs are all safe. It may have been possible for the attacker to manipulate site traffic and to monitor some user activity. NordVPN ended its contract with the data centre in question and affirms that no other data centre providers have been affected. According to Cyberscoop, it was the Creanova hosting provider that was breached. However, Creanova blames NordVPN.
Recommendation: Threat actors are willing to go to great lengths to abuse trust relationships in supply-chain attacks. NordVPN’s business model is built on the trust it generates for its customers by providing secure encrypted communication services. Attacks like this emphasize the need to carefully check the standards of your supply chain.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.