NordVPN got Hacked!

Discussion in 'Internet and Technology' started by Ali.Ch, Oct 23, 2019.

  1. Ali.Ch

    Ali.Ch Aspirant

    Hello everyone,

    I noticed this news and I thought it might be useful for those who are planning to purchase NordVPN service or are already using this service.

    https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/


    I personally got a dedicated VPN server powered by FreeBSD from a provider for $3.99/month, which is a little bit more expensive than services such as NordVPN or ExpressVPN, but at least the IP is dedicated and I am sure it's only me who has access to this server.

    Are you using a VPN or any similar service? Please share your opinions.
     
  2. MagicalAzareal

    MagicalAzareal Magical Developer

    If I really need privacy, I usually use Tor.

    VPN providers tend to be a bit on the unreliable or insecure side.
     
  3. overcast

    overcast Adherent

    Considering many private and govt services cracking on VPN, I think this is more like that data breach level hack and not some kid playing in basement type job.
     
  4. MagicalAzareal

    MagicalAzareal Magical Developer

    https://news.ycombinator.com/item?id=21318338
    Apparently, someone posted the private key on 8chan a year ago for NordVPN.
     
  5. overcast

    overcast Adherent

    I don't see much weight in 8chan connection, as said in YC, it was just a certificate key shared.
     
  6. Ali.Ch

    Ali.Ch Aspirant

    If you read more there is more into it... (as a security expert explains).
     
  7. Leaf_Green

    Leaf_Green Participant

    I dislike security breaches as much as any other person, so the only good I see in this is that YouTubers might begin ending NordVPN sponsorships en masse (and by extension other VPN providers) so we'll finally not have to sit through endless VPN segments anymore.

    ...Instead we'll now enjoy the newest mobile game craze advertisements that totally don't show doctored review scores and download counts.
     
  8. Ali.Ch

    Ali.Ch Aspirant

    The most horrible thing regarding this breach could be the lives of those human rights activists who use VPNs to publish their findings and data. Of course, depending on who did this hack.
     
  9. MagicalAzareal

    MagicalAzareal Magical Developer

    For activism, you really should use Tor and some sort of bridge to somewhat mask you're using it.
    China's Great Firewall, for instance, is capable of detecting and blocking VPNs via traffic analysis.
     
  10. pierce

    pierce Habitué

    Here's a full Tor node list to block

    https://www.dan.me.uk/tornodes
     
  11. Ingenious

    Ingenious Fan

    pierce, I am not sure what your post means. Are you suggesting these should be blocked in general by forum admins? If so, why?
     
  12. doubt

    doubt Tazmanian

    That's huge.
     
  13. pierce

    pierce Habitué

    Because a* holes use Tor for nefarious purposes and I'm sure to keep it blocked and updated
     
  14. MagicalAzareal

    MagicalAzareal Magical Developer

    Bypassing the Great Firewall is easy, use a bridge.

    Bypassing a block on the site's end is also pretty doable. You just add an extra proxy at the end.
    I don't block it as it never really causes me trouble and some of my users talk about living in China and using it to bypass the local censorship to use the site. There are other cases too.

    There are too many downsides for me to block it and a remote possibility that someone might use it to do something nefarious. If it's bots, I get plenty of those over the regular internet and work on counter-measures to combat them accordingly.

    I would be more worried if I was a Tor exit node operator, as someone might use it to access one of those child pornography sites and then the police would bust down my door looking for evidence as it would look like I'm the one doing it.
     
    Last edited: Oct 26, 2019
  15. pierce

    pierce Habitué

    Losing a user database and GDPR is bad news, bad PR and just bad in general.
     
  16. MagicalAzareal

    MagicalAzareal Magical Developer

    You don't need to use Tor to compromise a site and many, many don't.
    I would be more worried about bots and users being problematic than security.

    This is security by obscurity which is really not security at all and if I lacked that much confidence in my security, then I wouldn't be able to sleep.
     
  17. mysiteguy

    mysiteguy Administrator

    Nor do you need to block the entire TOR list if you're blocking them from your server. There's a query you can do from your server that will tell you which TOR nodes connect to your particular server's IP address. Update the list every hour or so and your server is covered.
     
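The hourly-refresh approach described in the post above, sketched as an added example (not code from the thread or from any poster). It assumes a scheduled job has already fetched an exit-node list as plain text with one address per line; `parse_exit_list`, `ExitNodeFilter` and the sample addresses are hypothetical names and constructed data.

```python
import ipaddress
import time

def parse_exit_list(text):
    """Parse one-address-per-line text; skip blanks, comments and junk."""
    nodes = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        try:
            if line:
                nodes.add(ipaddress.ip_address(line))
        except ValueError:
            pass  # ignore malformed entries rather than failing the refresh
    return nodes

class ExitNodeFilter:
    def __init__(self, max_age=3600):  # the post suggests "every hour or so"
        self.max_age, self.nodes, self.loaded_at = max_age, set(), None

    def refresh(self, text, now=None):
        """Swap in a new list; keep the old one if the new one parses empty."""
        parsed = parse_exit_list(text)
        if parsed:
            self.nodes = parsed
            self.loaded_at = time.time() if now is None else now
        return bool(parsed)

    def classify(self, client_ip, now=None):
        """Return 'tor-exit', 'not-listed' or 'unknown' (stale list or bad input)."""
        now = time.time() if now is None else now
        if self.loaded_at is None or now - self.loaded_at > self.max_age:
            return "unknown"
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:
            return "unknown"
        # Dual-stack sockets report IPv4 clients as ::ffff:a.b.c.d
        addr = getattr(addr, "ipv4_mapped", None) or addr
        return "tor-exit" if addr in self.nodes else "not-listed"

# Constructed sample list using documentation-range addresses (not real nodes)
SAMPLE_LIST = """# constructed example
192.0.2.10
198.51.100.7   # trailing comment
not-an-ip
2001:db8::1
"""
```

Returning "unknown" for a stale list leaves the block-or-allow decision to the caller instead of silently trusting data older than the refresh interval.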
  18. FredGemstone

    FredGemstone Neophyte

    I don't think that this is that big of a deal. For me at least it's not a deal breaker because (according to NordVPN on their blog) no harm was actually done to users. I understand that this is a bad look for a security company, but it seems impossible these days to be perfectly safe.
    What's also interesting is that everyone is citing TechCrunch as their primary source. But after some research it becomes apparent that they are a little bit biased because their parent company has a VPN of their own as well, so it's in their best interest to drag other VPNs through the mud. I think this article is a bit better and less sensationalized.
     
  19. pierce

    pierce Habitué

    Apparently Philip Morris says smoking the smooth white sticks is completely harmless.

    No harm was done?

    An encryption key on a server was available. They don't keep logs so how do they evaluate damage?

    It at least has had some high profile blogs and tech people try and cut the bs somewhat.

    It's a security product for "security concerned" people. It's very serious.
     
  20. MagicalAzareal

    MagicalAzareal Magical Developer

    NordVPN is cited as the premier VPN for high privacy purposes these days.

    Some people even use it in addition to Tor. If it is compromised, then that is a very big deal, but I kind of predicted it getting compromised sooner or later, whether by one actor or another. The biggest surprise here was that it wasn't a state actor (US, Russia, China, etc.), it seems, but more of a private one.
     