I guess most of you by now know VPNs and NordVPN is one of the leading players in the market. First of all, I use Nord myself, have used it for several years but this is not about that.
Read the TechCrunch article in the morning, link here. First I thought OMG NordVPN being hacked would be big news, but halfway through the article I almost spilt my coffee.
What happened, is that Finish company whom they rented servers from experienced a data breached and an EXPIRED TLS key was leaked. That is not good, and you can execute a MiTM attack with that, which would take some serious effort. But here’s how TechCrunch “security researcher” without a name or company said:
But the security researcher warned that NordVPN was ignoring the larger issue of the attacker’s possible access across the network. “Your car was just stolen and taken on a joy ride, and you’re quibbling about which buttons were pushed on the radio?” the researcher said.
This hardly makes any sense, a leaked expired TLS key cannot compromise the infrastructure of a VPN serice that has 10 million users. And now the cherry on the top: TechCrunch is owned by Verizon that have also released a VPN that was, below average, to put it mildly. Check the review here
So we have a company that owns a VPN and a news source, then publishes biased article full of speculations against a leading VPN company. Can I only ask? Did they expect to get away with this?
Btw, adding a link to the official NordVPN response on this matter. You’ll find news that they will be upgrading their infrastructure in a pretty serious way, so check all of it out.