Top VPN software had a major security flaw:
One of the most popular VPN services available today may have exposed customer payment information due to a significant security flaw.
Security researchers uncovered a vulnerability in the payment platform used by NordVPN, which has millions of users around the world.
The flaw could have allowed hackers access to user account information, including email addresses and shopping history, according to the team at security firm HackerOne.
- What's the truth about the NordVPN breach? Here's what we now know
- Bug bounties have made these hackers millionaires
- NordVPN boosts security with new bug bounty program
UPDATE: NordVPN has told TechRadar Pro that the vulnerability was isolated to three small payment providers and possible to exploit only within a limited timeframe.
"We have confirmed with our tech team that the issue was disclosed on H1 only after evaluating that no data had been exploited," a NordVPN spokesperson told us.
Also at:
NordVPN HTTP POST bug exposed customer information, no authentication required:
(Score: 1) by fustakrakich on Wednesday March 11 2020, @06:04AM (5 children)
Seems like trusting anybody only leads to trouble.
Is there anyplace that hasn't leaked yet?
La politica e i criminali sono la stessa cosa..
(Score: 1, Insightful) by Anonymous Coward on Wednesday March 11 2020, @06:07AM (4 children)
Yup. My personal infrastructure.
No. You can't use it.
(Score: 3, Insightful) by maxwell demon on Wednesday March 11 2020, @01:14PM (3 children)
Are you sure your personal infrastructure hasn't leaked yet? Maybe you just didn't notice it.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Freeman on Wednesday March 11 2020, @05:55PM (1 child)
It's a lot easier to secure a closed-off wired local net than an always online computer.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Wednesday March 11 2020, @08:52PM
OP here.
Given that I run several domains (with downtime only when I have no Internet connectivity from *both* my ISPs) as well as my own DNS with multiple ISPs and and a diverse set of resources, I make an effort (aided by 20+ years of *professional* InfoSec experience) to secure my environment and use a variety of tools to monitor that security.
So far, I've been successful. And no, you can't use it either. :)
(Score: 0) by Anonymous Coward on Wednesday March 11 2020, @08:57PM
I'm pretty sure, yes.
But unlike most folks, I have the knowledge and skills to both secure *and* monitor my environment.
If I knew (and trusted) you personally, I'd give you the opportunity to *try* to hack my sites. I've done that before too.
So far, so good. However, your question is a valid one. If you connect a resource to the Internet, it's prudent to assume that, at some point, it will be compromised.