Third-party Datacenter Breach Concerning NordVPN

We recently reported an incident involving NordVPN and a third-party datacenter. We were notified about the breach on April 13, 2019. We shredded the server that same day. You can learn more about our security action plan: https://nordvpn.com/blog/security-plan/ One NordVPN server was affected in March 2018 in Finland. The rest of our service was not affected. No other servers of any type were put at risk. This was an attack on our server, not our entire service. No user credentials were affected. There are no signs that the intruder attempted to monitor user traffic in any way. Even if they had, they would not have had access to those users’ credentials. Once we found out about the incident, we first terminated our contract with the provider and eliminated the server, which we had operated since January 31, 2018. We then immediately launched a thorough internal audit of our entire infrastructure. We had to ensure that no other server could possibly be exploited this way. Unfortunately, thoroughly reviewing the providers and configurations for over 5,000 servers around the world takes time. As a result, we decided we should not notify the public until we could be sure that such an attack could not be replicated anywhere else on our infrastructure. Lastly, we raised our standards even further for current and future datacenter partners to ensure that no similar breaches could ever happen again. We want our users and the public to accurately understand the scale of the attack and what was and was not at risk. The breach affected one of over 3,000 servers we had at the time for a limited time period.