How to Protect Your Data From NordVPN, TorGuard and VikingVPN Hacks
Hackers have compromised the servers of at least three popular VPN services – NordVPN, VikingVPN, and TorGuard – over the past couple of years, stealing cryptographic keys that could be used to intercept and decrypt highly sensitive user data or bypass browser security features to deploy a web attack. In other words, this is not good, especially if you use one of the three electronic services.
Here’s a quick overview of what you need to know about violations, based on a few details that have been disclosed so far:
Multiple violations since 2017
Ars Technica has posted useful information about NordVPN, TorGuard and Viking VPN hacks. It describes how the attacks were carried out and how they were originally detected, but many important pieces of information – such as how stolen encryption keys were used or whether any of the service users were actually affected – are still unknown.
The most recent attack targeted NordVPN back in March 2018 – almost 19 months ago – but is only now being revealed . NordVPN reports that the attacked server did not store usernames or passwords, and that no other servers or data centers were attacked. The company also reports that one in three keys stolen in March 2018 became invalid by October 2018, which means it hasn’t been used for over a year by now. However, this particular key could be used to target and collect individual user data during the months it was active, and none of NordVPN’s statements to reporters or its users touched the other two keys.
The disclosure of the compromise of the NordVPN server came immediately after it became known that VikingVPN and TorGuard had suffered similar violations back in 2017. So far, only Torguard has commented and stated that the stolen keys could not be used to compromise user data and were disabled for several months. … However, the hacked server was in active use until early 2018.
What should you do?
NordVPN and TorGuard’s claims have been challenged by security researchers, who told Ars Technica that using stolen keys to collect user data is easier than these companies could convince their users.
VPNs are often touted as privacy tools that help you bypass annoying online bureaucracy, but they’re not just about watching Netflix headlines exclusive to other regions or hiding your browsing data from your ISP so you can torrent. torrent of the latest release. your favorite show. Many people who use VPNs also try to maintain privacy and anonymity: political activists defending their identities from dangerous or repressive governments, journalists and investigators receiving confidential information, or even white-hat hackers looking for serious security flaws.
A VPN with weak security protocols – and those that don’t inform their users of potential security breaches – puts their users at risk. And these kinds of incidents show that even well-tested products that otherwise perform as intended can be risky. Until further information emerges, we suggest that current NordVPN, TorGuard and VikingVPN customers (as well as those buying a new VPN) look elsewhere.
The safest option is to run your own VPN, but that’s a topic for another time; we will have a complete guide for this in the near future. At the moment, there is another option – to explore a new commercial VPN, but this is easier said than done. There are many VPNs out there, and most of them are n’t great . Many of them are even outright scams. We suggest referring to our guide to finding a reliable VPN , while new users will likely want to take a look at our general VPN explanation as well . Both articles contain tips for checking potential services and links to other helpful listings and resources.