NordVPN has firmly rejected claims of a data breach after a threat actor surfaced allegedly stolen data on a dark web breach forum, purporting to show the VPN provider’s Salesforce development server.
The incident, first noticed on January 4, underscores the rising tide of unsubstantiated leak claims on underground forums, where actors often peddle fabricated or recycled dumps for extortion or notoriety.
In an official statement released today, NordVPN detailed its fast response. “Yesterday, on the 4th of January, we have identified a data dump on one of the breach forum websites, containing allegations made by a threat actor claiming to have accessed a ‘NordVPN Salesforce development server.’ We immediately started to verify these claims and now want to address them directly to clarify what happened,” the company wrote.
Forensic analysis by NordVPN’s security team revealed no evidence of compromise in its core infrastructure. “Our security team has completed an initial forensic analysis of the alleged data dump.
While we’re continuing our investigation to ensure absolute certainty, we can confirm that, at this stage, there aren’t any indicators that NordVPN servers or internal production infrastructure have been compromised,” the statement continued.
The purported leak traces back not to NordVPN’s systems but to a third-party testing platform trialed six months ago. During a standard proof-of-concept (PoC) evaluation of automated testing tools, NordVPN created a temporary environment.
Crucially, no customer data, production code, or live credentials were involved; only dummy data for functionality checks. The vendor was ultimately passed over, and the setup was never connected to production networks.
“The data in question does not originate from NordVPN’s internal Salesforce environment or any other services mentioned in the claim. Instead, our investigation identified that the leaked configuration files were related to a third-party platform, with which we briefly had a trial account,” NordVPN explained.
Claims of breached API tables and database schemas are dismissed as artifacts of this isolated test, containing no pointers to the company’s operations.
NordVPN has reached out to the third-party vendor for further details and reiterated that “NordVPN systems remain fully secure. Your data is protected, and no action is required on your part.”
