Popular privacy tool NordVPN has revealed it suffered a data breach last year.
The company says that one of its servers located in Finland was vulnerable between January 31, 2018 and March 20, 2018, but was only accessed once – in March that year.
Whoever accessed the server, has had access to a list of websites that people, who were connecting through that specific server, were visiting. Because of the way NordVPN operates, the malicious actors have only had access to the names of the visited websites – all content was encrypted and thus scrambled.
It was also said that, due to the fact that NordVPN has its users switching servers every five minutes, the amount of data hackers could have gathered on individuals was very limited. Finally, it was added that it is not possible to connect the website visits with individuals, as that data wasn't available to begin with.
“Potential attackers could have gotten only into that server and only intercept the traffic and seen what websites people are browsing — not the content, only the website — for a limited period of time, only in that isolated region,” Tom Okman, a member of NordVPN’s tech advisory board, told The Verge.
NordVPN knew about the breach “for a few months”, but decided to stay tight-lipped as its internal investigation was still pending.