NordVPN

One of the most well-known VPN service providers, NordVPN, stated that the Finnish data centre provider, where the server was housed, was to blame for the security breach.

NordVPN was not aware that the provider of the data centre employed an unsecure remote administration method.

According to NordVPN, the stolen TLS key was no longer valid, making it impossible to decipher VPN communications.

According to NordVPN and TorGuard, no user credentials were captured, and no servers outside from the one in question were accessed.

Source: https://www.kitguru.net/professional/networking/joao-silva/nordvpn-torguard-and-vikingvpn-were-hacked/

TPRM report: https://scoringcyber.rankiteo.com/company/nord-vpn

"id": "nor23117423",
"linkid": "nord-vpn",
"type": "Breach",
"date": "10/2019",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"

{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'NordVPN',
                        'type': 'VPN Service Provider'}],
 'attack_vector': 'Unsecure remote administration method',
 'data_breach': {'data_encryption': 'TLS key'},
 'description': 'A security breach at NordVPN involved an unsecure remote '
                'administration method used by their Finnish data centre '
                'provider. A stolen TLS key was reported as expired and no '
                'user credentials were compromised.',
 'impact': {'systems_affected': ['One server in Finnish data centre']},
 'initial_access_broker': {'entry_point': 'Unsecure remote administration '
                                          'method'},
 'post_incident_analysis': {'root_causes': 'Insecure remote administration '
                                           'access by data centre provider'},
 'title': 'NordVPN Security Breach',
 'type': 'Security Breach',
 'vulnerability_exploited': 'Insecure remote administration access'}

NordVPN

Estes Forwarding Worldwide

Synnovis

Department of Veterans Affairs (VA)