Posted October 22, 2019

12 hours ago, Spotty said:

> While I dislike TechCrunch as an outlet, the article they've published here about this seems rather balanced and mostly just contains quotes from the statement released by NordVPN confirming the unauthorised access on one of their servers.
> https://nordvpn.com/blog/official-response-datacenter-breach/
>
> I doubt TechCrunch has anything to do with any internet or VPN services offered by Verizon, even if they are owned by the same parent company. Even if they were publishing stories to promote their parent company's own VPN service I don't think this story would be a smart marketing play. You don't convince people to sign up to VPNs by publishing a bunch of stories about how insecure they are, even if it's the competition. That's only going to drive people away from VPNs and make them not trust VPNs. You're better off publishing stories about how the big spooky corporations or Governments are trying to spy on you and how VPNs are secure and how you need a VPN to protect yourself and your private data.
>
> If you're still concerned about TechCrunch's article then read the story from one of the many other tech outlets who also published the story.
> https://www.tomsguide.com/news/nordvpn-torguard-admit-being-hacked-but-thats-just-the-beginning
> https://www.theregister.co.uk/2019/10/21/nordvpn_security_issue/
> https://www.androidpolice.com/2019/10/21/nordvpn-was-hacked-in-march-2018-only-some-servers-affected/
> https://www.tweaktown.com/news/68298/nordvpn-hacked-knew-breach-months-ago/index.html
> https://au.pcmag.com/torguard-vpn/64047/nordvpn-torguard-hit-by-hacks-involving-insecure-servers
> https://www.theinquirer.net/inquirer/news/3082891/nordvpn-server-hack

I'm willing to bet almost all the other articles are based on the TechCrunch article, so all it takes is for TechCrunch to get one thing wrong for everybody else to be wrong, or in the case we were saying earlier, all it takes is TechCrunch throwing NordVPN under the bus for all of them to do so.

See: The Internet Echo Chamber Effect.

Posted October 22, 2019

1 minute ago, AluminiumTech said:

> I am gonna say the Echo Chamber effect is hard not to notice here. Everybody's article is based on the TechCrunch article. So ultimately if TechCrunch is somehow wrong in any way then all of the articles are wrong.
>
> Also I disagree with JayzTwoCents, NordVPN said that they looked at every one of their servers to make sure a similar thing wasn't on those servers.
>
> Frankly I still think that everybody is trying to make out NordVPN to be the bad guy here and treating them as if they were lying about logs, which they aren't. Yes, NordVPN should have taken a bit more care to make sure it didn't happen but ultimately it was the Data Centre guys who screwed up.
>
> NordVPN is based out of Panama and so isn't required to provide logs. They have been audited and there was nothing bad or untoward there. They were found to have no logging and in general a secure system. The same thing can't be said about PIA, which would be forced to provide logs when required by a court of law because the laws in the US and UK require them to keep logs. You can't hand over logs if no logs actually exist.
>
> Disclaimer: I am a paying customer of NordVPN and I am also in a position to financially benefit from the success of NordVPN.

At this point, the proper assumption should be that NordVPN does what they say and the attack vectors are intentional to hurt their reputation because, as you point out, they're not subject to Five Eyes rules. This is pretty classic Media Warfare stuff. Nord had a single end-point get compromised, which exposed very little. They reported it after they've tested they've checked their entire system. They did everything quite proper.

Posted October 22, 2019

2 minutes ago, valdyrgramr said:

> I don't use public wifi or travel, yay Asperger's!

Introversion is a super power in the modern world.

Posted October 22, 2019

3 hours ago, BuckGup said:

> I wouldn’t trust PIA at all too

No one should be trusted, always proceed with caution and stay vigilant on the internet.

Posted October 23, 2019

13 hours ago, ravenshrike said:

> If you had actually taken the time to read NordVPN's response you would know the delay after they were notified of the issue was because they were undergoing an audit of all their other extant servers (minus the ones from the company the breached server was with, as they erased those servers and terminated their relationship with them) to make sure no other surprises like this were hanging around. They also started another audit to double check that it was impossible to get any logs from their servers in the event that such a breach happened again.

You are the one who didn't take the time to understand what was being said in the NordVPN article. See the quote below:

> A few months ago, we became aware of an incident in March 2018 when a server at a datacenter in Finland we had been renting servers from was accessed without authorization

The "a few months ago", the incident happened in March 2018...so that means they were unaware of it for most likely over a year. That really does beg the question, how effective are they at doing proper audits? And what precautions do they really take when it comes to sourcing vendors (notice no mention of breach of contract or them mentioning how they require certifications from vendors). Who is to say that other vendors haven't/aren't doing the same? (They obviously didn't have proper systems in place to have been able to check.)

They did not mention their internal audits being the ones that caught the issue; they only ever mention becoming aware of it a few months ago. Could be wrong, but I thought somewhere in the release this morning, or one of the quotes somewhere from the company, mentioned it being brought to their attention about the configuration file by security researchers.

Either way though, that doesn't really make what I said too much wrong. The breach went undetected; over a year of not knowing about it means it is undetected in my mind. If they didn't realize it in over a year, then how can they be sure other vendors haven't done the same? The potential attack vector is only a small amount in my mind of what may have been possible.

Posted October 24, 2019

I try to check for tech deals. Happened to come across this today....

Of course it's on sale now

Posted October 24, 2019

I'm slightly afraid for Linus Media Group on this - they originally had this issue with TunnelBear, and all companies tend to wait months (leaving users insecure until "they've done a full investigation"), before telling everybody they were hacked. PIA could be in the same position, and people'd just never know unless they tell you.

Posted October 24, 2019

It's hilarious how most ignore the fact that not only Nord was hacked. You really think PIA or TunnelBear are safer? All providers are hacked already, but most do not publish information on that because they either paid the hackers to keep quiet or they didn't realize that they got hacked!

Posted October 24, 2019

VPN is great to keep ISP out of your traffic, but do you trust your VPN provider more than your ISP?