NordVPN has confirmed that it was hacked, after rumors began swirling that the virtual private network provider had an expired internal private key exposed. This means that anyone holding that key could impersonate NordVPN, and you know how bad that could get.
While NordVPN says it has a "zero logs policy" by stating that the VPN provider doesn't "track, collect, or share your private data"... I'd dare say this is all in the air right now. TechCrunch reached out to NordVPN, whose spokesperson Laura Tyrell explained: "One of the data centers in Finland we are renting our servers from was accessed with no authorization".
The hackers got into the NordVPN server by taking advantage of an insecure remote management system that was left open by the data center provider. NordVPN said that it was not aware of this system. NordVPN also didn't name the data center provider, for obvious reasons.
The NordVPN spokesperson added: "The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted either. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN".