Popular VPN service confirms large-scale security breach
By Max BurkhalterNovember 1, 2019
As concerns over internet security and privacy continue to grow, more consumers and businesses are turning to third-party VPN services to help protect their sensitive data. While these platforms have had a decent track record when it comes to safeguarding online privacy, a recent announcement by NordVPN has sent shockwaves through the market.
According to a late-October article from TechCrunch, the popular VPN service provider confirmed it had been hacked following rumors of a serious data breach. NordVPN is one of the largest competitors in the market and has earned wide recognition thanks to its aggressive approach to digital marketing. However, concerns about the company's cybersecurity practices are now having a major impact on its credibility with general and enterprise customers.
Why transparency matters
One reason NordVPN is facing serious public outcry is that the company failed to disclose the data breach for several months. The cyberattack occurred back in March 2018 and targeted one of the company's Finland-based data servers, CNet reported. NordVPN rents its servers to help cut costs, a move that made it difficult to verify whether best practices were being upheld. The hackers were able to take advantage of an expired internal private key that allowed them to gain access to NordVPN's server through an unsecured remote management system used by their data center provider.
Another issue is that it took NordVPN administrators months to detect the breach, giving hackers plenty of time to intercept the internet traffic of its users. The company has since terminated its contract with the data center and is now conducting a thorough security audit to ensure all other servers are protected. However, the slow response has potentially exposed thousands of users to the risk of identity theft and man-in-the-middle attacks.
The risk of third-party security tools
Companies that rely on third-party VPNs and other cybersecurity tools often lack the transparency they need to ensure the integrity of their data and applications. NordVPN's recent security breach demonstrates just how many points of failure there are in offsite storage services. Even if a third-party vendor upholds the strictest cybersecurity protocols, a single vulnerability at their data center can undermine the entire network infrastructure.
Luckily, Perle offers reliable networking components that can help organizations improve their on-site network security and data storage practices, such as our industrial-grade Ethernet switches and serial device servers. Read some of our customer stories to find out more.