SoylentNews is people
SoylentNews
from the not-the-flaw-you're-looking-for dept.
Top VPN Software Had a Major Security Flaw
Top VPN software had a major security flaw:
One of the most popular VPN services available today may have exposed customer payment information due to a significant security flaw.
Security researchers uncovered a vulnerability in the payment platform used by NordVPN, which has millions of users around the world.
The flaw could have allowed hackers access to user account information, including email addresses and shopping history, according to the team at security firm HackerOne.
- What's the truth about the NordVPN breach? Here's what we now know
- Bug bounties have made these hackers millionaires
- NordVPN boosts security with new bug bounty program
UPDATE: NordVPN has told TechRadar Pro that the vulnerability was isolated to three small payment providers and possible to exploit only within a limited timeframe.
"We have confirmed with our tech team that the issue was disclosed on H1 only after evaluating that no data had been exploited," a NordVPN spokesperson told us.
Also at:
NordVPN HTTP POST bug exposed customer information, no authentication required:
(Score: 0) by Anonymous Coward on Wednesday March 11 2020, @08:57PM
I'm pretty sure, yes.
But unlike most folks, I have the knowledge and skills to both secure *and* monitor my environment.
If I knew (and trusted) you personally, I'd give you the opportunity to *try* to hack my sites. I've done that before too.
So far, so good. However, your question is a valid one. If you connect a resource to the Internet, it's prudent to assume that, at some point, it will be compromised.