The virtual private network service NordVPN recently disclosed a server hack that leaked crypto keys. In the past few weeks, the credentials of NordVPN users were circulated on online forums such as Pastebin.
The stolen data contained email IDs, plain-text passwords, and other data associated with a user account. Now, almost 2,000 NordVPN users have fallen victim to credential-stuffing attacks that granted unauthorized access to their accounts.
Credential stuffing is an attack that uses credentials from one leak to access other accounts with the same username and password.
Ars Technica published a report where they polled a small sample of users from a list of 753 credentials. They found that passwords for all but one were still being used.
This incident doesn’t indicate a breach on the network’s servers but highlights the fact that this attack (in part) occurred due to the fact that people choose simple passwords and use them across more than one website.
NordVPN is seemingly trying to downplay the intrusion saying that attackers could have used the private keys to intercept and view traffic for some of its customers’ traffic.
The VPN service also issued a statement to Fossbytes where it clarified that “the listed credentials have been acquired from previous leaks and breaches that had nothing to do with NordVPN.”
The company says that the attackers would have been limited to eavesdropping on communications, routing through just one of the company’s more than 3,000 servers.
If you are a NordVPN user, you should check out Have I Been Pwned to see if your email address is listed there. If it is, you should immediately change your password.