ByBill Toulas-October 23, 2019.1049 Figure 1 NordVpn NordVpn has selected the wrong supplier of data centers and is now charging it with negative advertising. The vulnerable server has been hacked by a malicious actor and had it run for a full month. NordVpnthe hacker points out that anyone who hacked NordVpn had root access to a server container which means full power. The hacker also claims that TorGuard VikingVpn and OpenVpn have in the past even stolen their server keys and Tls certificates, but there is no official confirmation of this yet. Long story short someone exposed to the expired internal keys could launch their own NordVpn server clones with everything that this entails for the famous service’s users. Apparently other Vpn providers have also been compromised: undefined (@hexdefined) October 21, 2019 Has this actually happened, and have people fallen victim to such a nasty man in the middle? In their official reply, NordVpn tries to ease the fear of the incident by claiming that the compromised server did not contain any user activity logs or user credentials so that the malicious actors could not intercept any critical stuff. We also explain that this was an isolated case since one of their datacenter providers left a remote management device unprotected by mistake. That said all the three thousand other datacenters they used were perfectly safe and safe all along. NordVpn claims they’ve double-checked that so we have no reason to dispute it. NordVpn reports that they became aware of the breach a few months ago but chose not to immediately report the incident because they wanted to make sure that no other aspects of their infrastructure were compromised. The organization attributes this delay to a large number of servers, and their network sophistication. Naturally, revealing it now that the “undefined” hacker has released his / her findings does not help much in maintaining a trusting relationship with their clients. This would be as bad news for its users and as detrimental as it would be for their company we would have preferred NordVpn to report the incident much earlier. In September 2017 TorGuard also confirmed that its Vpn services were compromised. They tracked the actor to an 8chan user who used ghostbin ties that expired to prove his crime. Nevertheless, and since TorGuard used safe control of Pki its main Ca key was not affected. The team of the successful Vpn service discovered the breach in May 2019 and found that the hosting reseller had already been excluded from their network due to other incidents.