NordVPN claims alleged data breach is 'false' and that user data is safe
Hackers claimed to have accessed Salesforce and Jira data
NordVPN has strongly refuted claims of a data breach concerning an internal Salesforce server.
Class-leading security is one of the reasons we rate NordVPN as the best VPN for most people, but a threat actor, operating under the alias "1011," allegedly leaked internal Salesforce and development data onto a dark web forum.
However, NordVPN confirmed in a blog post that "there are no signs that NordVPN servers or internal production infrastructure have been compromised."
The VPN has completed an initial forensic analysis of the alleged data breach and is continuing its investigation to ensure absolute certainty, but as it stands there is no evidence that your data or personal information is at risk.
What is alleged to have happened?
According to the hacker, a brute-force attack occurred on a NordVPN development server containing information related to Salesforce and Jira. Salesforce focuses on sales and customer service, while Jira is primarily for bug tracking.
Reports suggested the accessed environment "may have contained multiple database source codes, configuration details, and authentication records." The hacker is also said to have accessed over 10 database source code files, alongside Jira tokens and Salesforce API keys.
NordVPN responded by saying the claims that its internal Salesforce development servers were breached are "false."
Its investigation found that the leaks were "related to a third-party platform," with which NordVPN "briefly had a trial account." It said that a "temporary test environment" was created six months ago to assess the functionality of the potential vendor.
Data used in this environment was described as "dummy data" and no sensitive data was compromised. NordVPN said "no real customer data, production source code, or active sensitive credentials were ever uploaded to this environment" due to it being a preliminary test.
Following the test, NordVPN ultimately chose a different vendor. The environment used was "never connected" to its production systems and it called the leaked data elements "artifacts."
NordVPN concluded its blog post by saying its "systems remain fully secure. Your data is safe, and no action is required on your part."
Are there any consequences?
NordVPN is confident that its servers weren't accessed and no customer information was stolen. NordVPN users, and their VPN traffic, don't appear to be impacted.
The issue reinforces the vital importance of maintaining high security standards, something NordVPN – and other leading VPN providers – prides itself on. NordVPN has a strict, audited no-logs policy. Its RAM-only servers ensure all data is erased as soon as they're turned off.
Although no personal data was taken, it's important to stay vigilant. Keeping your NordVPN app updated means you'll benefit from the latest security updates.
If you're concerned about the threat of hacking, using one of the best password managers to generate and store complex passwords and enabling 2FA are a must. On top of this, always be aware of the threat of scams and malware, and never hand out sensitive information or click suspicious links unless you're 100% sure they are genuine.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights and censorship, and its interplay with politics. Outside of work, George is passionate about music, Star Wars, and Karate.
