Article

A cybercriminal, using the username 1011, claimed to have stolen over 10 databases via a brute force attack on NordVPN's development server. The alleged data included Salesforce API keys and Jira tokens.

NordVPN stated that the data was fictitious, created six months prior for platform testing. The company reassured that the attack in March 2018 was due to misconfigured remote management tools at a Finnish datacenter, emphasizing that no user activity logs or VPN traffic were compromised.

This incident follows previous breaches involving NordVPN and TorGuard, where private keys and sensitive configuration files were stolen. Additionally, Salesforce faced a critical vulnerability in October, exposing customer data, leading to threats from hackers demanding ransom and risks associated with exposed Jira tokens potentially allowing access to internal documentation. While direct VPN credentials were not compromised, corporate system access could enable targeted phishing campaigns, jeopardizing user privacy.