A virtual private network (VPN) is one of the most useful tools to have in your internet arsenal. But sadly, not all VPNs are created equal. A good VPN not only helps you to surf the internet anonymously but also enhances your privacy. It allows you to bypass geo-restrictions and access websites and services normally blocked in your country or region.
However, there are many VPNs that don’t deliver as promised. Some of them are from popular VPN providers. But on closer inspection, you’ll find some anomalies that pose serious security issues to the users.
Nord: The Popular VPN
In this article, I’ll tell you about a popular VPN that you should definitely avoid. Or you should stop using if you are already a customer. The VPN we’ll be talking about is none other than NordVPN.
From experience, we can confidently state that NordVPN has been getting worse over time. This is despite having started out as a premium highly reliable VPN provider. As you are probably aware, I only recommend products and services that I personally use. But at the moment Nord is no longer on my list of popular VPN providers.
NordVPN was recently hacked. But in as much as everything online is hackable today, the way the company dealt with the incident was not as good as expected. So, let’s take a quick look at the hack in easy to understand terms. Then I’ll give you a few valuable pieces of advice on how to deal with similar situations. I will also tell you the reason why I have decided to remove Nord from my choice of favorite VPNs.
About the Nord VPN Data Breach
You may probably be aware of the hack that happened recently and was actually covered in great detail online. As you all know, a VPN is an important tool. We rely on it to keep our data secure and our online activities private from prying eyes of ISPs, governments, and of course hackers.
Nord is a service that was charged with the responsibility of keeping our identities and data secure. But it actually ended up doing the opposite. And to make matters worse they tried to keep the hack that had taken place in their servers quiet from unsuspecting users.
What happened actually is that one of the datacenters Nord rents for its servers in Finland was accessed without authorization in March 2018. The hacker entered the server with the help of an insecure remote management system left by the datacenter, which was not even named by the Nord team.
The hackers got access to the keys, which is actually a major issue among users. In a perfect case, the data traveling through the VPN is completely encrypted from end to end. But if someone has access to the key, he or she can decrypt the data at the server end and as a result the information becomes insecure and easy to be accessed by the hacker.
Nord’s Failure to Disclose the Data Breach
Nord VPN is of course known for being a zero-log company, which means they don’t record or store their customers’ logs and browsing activities. So, there were no logs, usernames, and passwords to be accessed from the server. The problem, however, is the fact that a person could have successfully conducted a man-in-the-middle attack, steal data from the VPN’s users, and possibly cause unimaginable amounts of harm and losses.
Of course, everything in today’s highly vulnerable environment can easily get hacked, including some of the largest companies. But the issue is exactly how Nord VPN was able to get hacked this easily and how they chose to sweep things under the rug and keep quiet about the issue. They didn’t even inform their customers about the hack so you could take immediate mediation measures to repair damage from your end.
According to one of their spokespersons, NordVPN found out about the hack a few months before they were exposed but still failed to disclose the breach to their users because they wanted to retain their reputation of having a 100% secure infrastructure.
When Did the Breach Happen?
The breach actually happened in March but the keys remained valid until October, which means the hacker had up to 7 months access to customer data. Even if Nord only knew of the breach 3 months before they were exposed, the least they could have done is advise you so you could take measures to control any damage that may have been caused by the man-in-the-middle attack.
A company that has a habit of keeping secrets like Nord did, in my opinion, is not what you’d call a trustworthy company. Keep in mind that trust is one of the most important components of any VPN. This is because the VPN will handle your personal data with extreme care. It only means that the company is more concerned about their profits than the welfare of their customers. If they were concerned about your safety then they would have announced the breach as soon as it occurred.
In an attempt to repair their torn reputation, Nord blamed the attack on the datacenter that they had rented their server from. They even claimed that the datacenter is now fired and no longer handles their data. Despite what happened, Nord ought to be taking full responsibility for the hack and their actions that they took afterward.
Conclusion
Most people had already stopped using Nord VPN earlier on because of their declining performance. In my opinion, it appears that the company has been investing more on advertising its services than in its infrastructure. They’ve even been advertising 80% discounts for new customers. In fact, most people claim the service is getting slower.
They were actually good until they started putting profits first and customer security second. I’ll not be recommending this VPN going forward.
Let us know your opinion on this popular VPN in the comments section below!
