As we mentioned in a recent article, NordVPN recently revealed that it suffered credential-stuffing attack, which resulted in leaks encryption.
The data hacked leaks included email IDs, plain text passwords, and other data associated with a user account. Nearly 2.000 users of NordVPN have now fallen victim to credential-stuffing, which gives unauthorized access to their accounts.
Η Ars Technica posted a report investigating a small sample of users from a directory containing 753 login credentials and found that the same passwords were still used for other accounts.
This attack brings to light a major problem that still exists and that is to some extent responsible for such violations, and is that users choose simple passwords that they use in many of their accounts.
NordVPN has, of course, tried to downplay the attack by saying that malicious agents could only use private keys to track and control its clients' movements.
If you are a NordVPN user, you should check the site Have I Been Pwned, to see if your email address is listed there. If you find it, you should change it immediately code access, especially if you use it in other accounts.
The company made sure to provide its own explanation of the incident:
Credential stuffing is an attack in which credentials obtained from a data breach in one service are used to connect to another, unrelated service. Registered credentials have been acquired from previous leaks and breaches that had nothing to do with NordVPN. Credential stuffing is a major concern not only for NordVPN but for almost every other digital service and website. The reason behind this is that people reuse the same passwords and login names in different accounts or create weak passwords.
Our security team scans the credentials for both public websites and the dark web, and we urge our customers to change their passwords. In the past, we notified about 50.000 customers to change their passwords. However, the password change rate is only about 50%. The database we use to verify these credentials is constantly growing and consists of more than 30 billion entries.
2.000 accounts that have been assigned a breach are an important issue, but we have 12M clients overall. We are always working with precautionary means, such as rate limiting systems, intelligent detection systems and, in the future, two-factor authentication (2FA). In addition, we always advise our customers through social media channels, blogs and customer newsletters to keep their codes unique and strong.