NordVPN suffers from unauthorised access to a data centre

NordVPN, a VPN provider, has confirmed that it suffered a cyber attack in March 2018 that gained unauthorized access to one of the data centers of a provider in Finland where its service was deployed, having seen compromised configuration files, certificates and three private keys.

The attacker exploited a vulnerability of the server provider and intercepted the user credentials, although NordVPN claims that the affected server did not contain sensitive information.

The incident has also affected other providers using the same data center, such as VikingVPN and TorGuard. TorGuard has issued a statement explaining that it has not been affected, as its primary CA key was stored outside the compromised server.