Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

NordVPN denies breach claims, says attackers have "dummy data"

⁨107⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨fne8w2ah@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://www.bleepingcomputer.com/news/security/nordvpn-denies-breach-claims-says-attackers-have-dummy-data/

source

Comments

Sort:hotnewtop
  • veeesix@lemmy.ca ⁨1⁩ ⁨day⁩ ago

    ​"The leaked elements, such as the specific API tables and database schemas can only be artifacts of an isolated third-party test environment, containing only dummy data used for functionality checks. While no data in the dump points to NordVPN, we have contacted the vendor for additional information," NordVPN explained.

    "Because this was a preliminary test and no contract was ever signed, no real customer data, production source code, or active sensitive credentials were ever uploaded to this environment.

    “We ultimately chose a different vendor and did not proceed with the one we tested. The environment in question was never connected to our production systems.”

    I’d love to see the look on 1011’s face having just learned this.

    source
  • Lembot_0006@programming.dev ⁨1⁩ ⁨day⁩ ago

    Why would *VPN even have ANY data worth taking through breaching?

    source
    • dublet@lemmy.world ⁨1⁩ ⁨day⁩ ago

      They operate a business that charges for a service, and therefore have user accounts and payment data for those accounts.

      source
      • john_lemmy@lemmy.ml ⁨1⁩ ⁨day⁩ ago

        There is at least one VPN provider (that I know of) that doesn’t record account and payment data. You can send the fee via regular post in a envelope tied to only a random numerical user ID

        source
        • -> View More Comments
    • prole@lemmy.blahaj.zone ⁨1⁩ ⁨day⁩ ago

      It wasn’t, it was test data

      source
      • Lembot_0006@programming.dev ⁨1⁩ ⁨day⁩ ago

        You don’t have any “test data” if you don’t have any “real data”. Why would you?

        source
    • null@piefed.nullspace.lol ⁨1⁩ ⁨day⁩ ago

      Same reason as any other online company?

      source
      • Lembot_0006@programming.dev ⁨1⁩ ⁨day⁩ ago

        So for selling it to aggregators? That’s bad practice for a VPN-providing company.

        source
        • -> View More Comments
    • a_non_monotonic_function@lemmy.world ⁨23⁩ ⁨hours⁩ ago

      Because your previous trust is clearly misplaced.

      I don’t care what somebody’s TOS says, I’m going to remain skeptical.

      source
  • DarkSirrush@piefed.ca ⁨1⁩ ⁨day⁩ ago

    The company also announced plans to switch to dedicated servers that they own exclusively and to upgrade their entire 5,100-server infrastructure to RAM servers.

    Oh, thats going to be expensive this year.

    source