The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldnt have been intercepted either, said the spokesperson. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.
According to the spokesperson, the expired private key could not have been used to decrypt the VPN traffic on any other server. NordVPN said it found out about the breach a few months ago, but the spokesperson said the breach was not disclosed until today because the company wanted to be 100% sure that each component within our infrastructure is secure.
"While this is unconfirmed and we await further forensic evidence, this is an indication of a full remote compromise of this providers systems, the security researcher said. That should be deeply concerning to anyone who uses or promotes these particular services. NordVPN said no other server on our network has been affected. But the security researcher warned that NordVPN was ignoring the larger issue of the attackers possible access across the network. Your car was just stolen and taken on a joy ride and youre quibbling about which buttons were pushed on the radio? the researcher said.