NordVPN got Hacked!

Ali.Ch

Hello everyone,

I noticed this news and I thought it might be useful for those who are planning to purchase the NordVPN service or are already using it.

https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/


I personally got a dedicated VPN server powered by FreeBSD from a provider for $3.99/month, which is a little bit more expensive than services such as NordVPN or ExpressVPN, but at least the IP is dedicated and I am sure it's only me who has access to this server.

Are you using a VPN or any similar service? Please share your opinions.
 

MagicalAzareal

If I really need privacy, I usually use Tor.

VPN providers tend to be a bit on the unreliable or insecure side.
 

overcast

Considering many private and govt services cracking on VPN, I think this is more like a data-breach-level hack and not some kid-playing-in-the-basement type of job.
 

overcast

I don't see much weight in the 8chan connection; as said in YC, it was just a certificate key shared.
 

Ali.Ch

If you read more, there is more to it... (as a security expert explains).
 

Leaf_Green

I dislike security breaches as much as any other person, so the only good I see in this is that YouTubers might begin ending NordVPN sponsorships en masse (and by extension other VPN providers) so we'll finally not have to sit through endless VPN segments anymore.

...Instead we'll now enjoy the newest mobile game craze advertisements that totally don't show doctored review scores and download counts.
 

Ali.Ch

The most horrible things regarding this breach could be the lives of those human rights activists who use VPNs to publish their findings and data. Of course, depending on who did this hack.
 

MagicalAzareal

> The most horrible things regarding this breach could be the lives of those human rights activists who use VPNs to publish their findings and data. Of course, depending on who did this hack.

For activism, you really should use Tor and some sort of bridge to somewhat mask that you're using it.
China's Great Firewall, for instance, is capable of detecting and blocking VPNs via traffic analysis.
 

Ingenious

pierce I am not sure what your post means. Are you suggesting these should be blocked in general by forum admins? If so, why?
 

MagicalAzareal

Bypassing the Great Firewall is easy, use a bridge.

Bypassing a block on the site's end is also pretty doable. You just add an extra proxy at the end.
I don't block it as it never really causes me trouble and some of my users talk about living in China and using it to bypass the local censorship to use the site. There are other cases too.

There are too many downsides for me to block it and a remote possibility that someone might use it to do something nefarious. If it's bots, I get plenty of those over the regular internet and work on counter-measures to combat them accordingly.

I would be more worried if I was a Tor exit node operator, as someone might use it to access one of those child pornography sites and then the police would bust down my door looking for evidence as it would look like I'm the one doing it.
 

pierce

> Bypassing the Great Firewall is easy, use a bridge.
>
> Bypassing a block on the site's end is also pretty doable. You just add an extra proxy at the end.
> I don't block it as it never really causes me trouble and some of my users talk about living in China and using it to bypass the local censorship to use the site. There are other cases too.
>
> There are too many downsides for me to block it and a remote possibility that someone might use it to do something nefarious. If it's bots, I get plenty of those over the regular internet and work on counter-measures to combat them accordingly.
>
> I would be more worried if I was a Tor exit node operator, as someone might use it to access one of those child pornography sites and then the police would bust down my door looking for evidence as it would look like I'm the one doing it.

Losing a user database and GDPR is bad news, bad PR and just bad in general.
 

MagicalAzareal

> Losing a user database and GDPR is bad news, bad PR and just bad in general.

You don't need to use Tor to compromise a site and many, many don't.
I would be more worried about bots and users being problematic than security.

This is security by obscurity which is really not security at all and if I lacked that much confidence in my security, then I wouldn't be able to sleep.
 

mysiteguy

Nor do you need to block the entire TOR list if you're blocking them from your server. There's a query you can do from your server that will tell you which TOR nodes connect to your particular server's IP address. Update the list every hour or so and your server is covered.
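
Added example, not part of the post above: one way to apply a periodically refreshed exit list on the server side, assuming the list has already been downloaded as plain text with one IP address per line. The list contents, log lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a downloaded exit list: one address per line,
# '#' comments allowed (assumed format, not taken from the thread).
SAMPLE_EXIT_LIST = """\
# exit addresses able to reach this server (constructed sample)
192.0.2.10
198.51.100.77
2001:db8::5
not-an-ip
"""

# Constructed access-log lines in common log format.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Oct/2019:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.4 - - [29/Oct/2019:10:00:02 +0000] "GET / HTTP/1.1" 200 1024
2001:0db8:0000:0000:0000:0000:0000:0005 - - [29/Oct/2019:10:00:03 +0000] "POST /register HTTP/1.1" 302 0
192.0.2.10 - - [29/Oct/2019:10:00:09 +0000] "POST /login HTTP/1.1" 403 0
"""

def parse_exit_list(text):
    """Return (set of ip_address objects, list of rejected lines)."""
    exits, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            rejected.append(line)  # surface bad entries instead of dropping them silently
    return exits, rejected

def flag_requests(log_text, exits):
    """Return (client, request) for each log line whose client is in the exit set."""
    hits = []
    for line in log_text.splitlines():
        m = re.match(r'(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"', line)
        if not m:
            continue
        try:
            client = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if client in exits:  # compares parsed addresses, so IPv6 spelling differences do not matter
            hits.append((str(client), m.group(2)))
    return hits
```

Comparing parsed address objects rather than strings is what lets the expanded IPv6 form in the log match the compressed form in the list.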
 

FredGemstone

I don't think that this is that big of a deal. For me at least it's not a deal breaker because (according to NordVPN on their blog) no harm was actually done to users. I understand that this is a bad look for a security company, but it seems impossible these days to be perfectly safe.
What's also interesting is that everyone is citing TechCrunch as their primary source. But after some research it becomes apparent that they are a little bit biased because their parent company has a VPN of their own as well, so it's in their best interest to drag other VPNs through the mud. I think this article is a bit better and less sensationalized.
 

pierce

> I don't think that this is that big of a deal. For me at least it's not a deal breaker because (according to NordVPN on their blog) no harm was actually done to users. I understand that this is a bad look for a security company, but it seems impossible these days to be perfectly safe.
> What's also interesting is that everyone is citing TechCrunch as their primary source. But after some research it becomes apparent that they are a little bit biased because their parent company has a VPN of their own as well, so it's in their best interest to drag other VPNs through the mud. I think this article is a bit better and less sensationalized.

Apparently Philip Morris says smoking the smooth white sticks is completely harmless.

No harm was done?

An encryption key on a server was available. They don't keep logs so how do they evaluate damage?

It at least has had some high profile blogs and tech people try and cut the bs somewhat.

It's a security product for "security concerned" people. It's very serious.
 

MagicalAzareal

NordVPN is cited as the premier VPN for high privacy purposes these days.

Some people even use it in addition to Tor. If it is compromised, then that is a very big deal, but I kind of predicted it getting compromised sooner or later, whether by one actor or another. The biggest surprise here was that it wasn't a state actor (US, Russia, China, etc.), it seems, but more of a private one.
 