NordVPN has consistently ranked among our best VPN providers, and although it takes second place to ExpressVPN, it’s still an impressive service (see how the two stack up in our ExpressVPN vs NordVPN comparison). After a breach in 2018, though, many are still wondering if NordVPN is safe to use.
We like NordVPN a lot as a virtual private network. It ranks among our best VPNs for Netflix because it can beat the Netflix VPN ban, and NordVPN is a solid option when it comes to torrenting (read our best VPN for torrenting piece). Still, we need to shed light on the security breach and answer the many questions surrounding it.
The NordVPN Hack
In late 2019, NordVPN confirmed that it suffered a security breach in early 2018. According to the article where NordVPN came clean about this issue, the breach started on March 5, 2018, and the malicious user was removed on March 20, 2018.
Although the user was removed quickly, NordVPN didn’t make the incident public until a year later when a user on Twitter started posting images of the VPN server configuration.
The attack went down when an 8chan user found a vulnerability in one of NordVPN’s server configuration files. Using a data center account, the attacker had full access to all the traffic moving through that server, apart from traffic protected by standard HTTPS encryption. NordVPN, however, says that there’s no evidence that anything was monitored.
In short, the hack wasn’t directly the fault of NordVPN, but rather the fault of a data center that it chose to include in its network.
There’s a lot of confusion about when this attack happened, though. NordVPN claims it was on March 5, 2018, but the 8chan thread where this vulnerability was discussed has a date of May 3, 2018. That means the vulnerability could’ve been exploited as soon as the server went live, all the way until March 20, 2018, when the user account was removed.
Regardless, the practical impact of this breach is minimal. The attacker gained access to TLS keys that could, in theory, allow them to set up a fake NordVPN website (read our SSL vs TLS guide to see how that happens). However, these keys expired in October 2018, and we haven’t seen any fake sites.
It’s possible that the attacker could monitor unencrypted traffic flowing through the VPN server, too. There’s no way to know for sure if that happened. NordVPN, at least, says it’s unlikely because the configuration file remained unchanged.
If that did happen, though, the attacker wouldn’t have been able to see any personal information, such as user IP addresses. If they could snoop — which NordVPN says isn’t possible — all they could see is internet traffic.
Is NordVPN Safe After It Was Hacked?
The NordVPN hack received a lot of press, and rightfully so. However, while many stories focused on the negative implications, very few paid mind to how NordVPN responded. Immediately after becoming aware of the issue, NordVPN began internally auditing all of the servers in its network.
Now NordVPN is responding further. First, it partnered with VerSprite for penetration testing, source code analysis and more. It also started a bug bounty program that rewards cybersecurity experts for finding bugs in NordVPN’s software. Furthermore, it’s set to begin a full third-party audit of its infrastructure, hardware, source code and internal procedures this year.
The hack was a big deal theoretically, though it didn’t actually hurt any NordVPN users directly. Still, NordVPN responded by fully overhauling its infrastructure and security practices. Sure, it might’ve been a response to the massive, negative coverage the hack received. Regardless, NordVPN put a lot of resources toward fixing the problem, and for that, it should be commended.
Is NordVPN Really Private?
With the breach out of the way, let’s talk about NordVPN as a VPN service. It’s a no-logs provider, meaning it doesn’t know if you’re browsing streaming services or downloading a torrent while connected to its network (read our guide to why NordVPN is not working if you have trouble). NordVPN also includes a range of specialty servers, such as a “double VPN,” that add an extra layer of protection (Windscribe also has this feature).
NordVPN really is private, at least as far as we’re capable of testing. Furthermore, NordVPN plans to update every server in its network to operate solely off of RAM. That means the servers will run off of a central infrastructure provided by NordVPN, storing nothing — not even an operating system — in long-term storage.
Is NordVPN Safe to Use?
Despite the breach, NordVPN abides by the best practices in VPN security; it’s free of DNS leaks, has multiple protocol options and offers a kill switch. As quite possibly the largest VPN provider in the world, NordVPN got a lot of heat for its breach, and rightfully so. Now that the dust has settled, though, we can say with confidence that NordVPN is safe to use.
In fact, we gave NordVPN a perfect privacy rating in our NordVPN review, with security coming in closely behind (NordVPN works in China, too). Privacy and security are not an issue, and your data is safe. However, if you choose not to support NordVPN, that’s a fair choice. After all, it’s not the fastest VPN around. If you’ve signed up for NordVPN but have changed your mind, read our guide on how to cancel NordVPN and get a refund.
ExpressVPN is our top choice, and with its 30-day money-back guarantee, there’s little risk in giving it a shot. For those on a budget, CyberGhost and Private Internet Access are the best options, so make sure to read our CyberGhost review and Private Internet Access review to learn more about them.
Do you plan to use NordVPN now that the breach has happened? Or is it still too close for comfort? Let us know in the comments below and, as always, thanks for reading.