NordVPN passes infrastructure audit with flying colors – but 'security work never ends'

NordVPN has completed a thorough independent evaluation of its applications, infrastructure, and core features.

Strong results reaffirm the provider's commitment to security and privacy – one of the reasons we rate it as the best VPN overall.

No critical vulnerabilities found

Across its assessments, Cure53 found no critical vulnerabilities. The auditor completed a number of penetration tests – authorized attacks on systems – and conducted reviews of NordVPN's code.

Testers examined applications, infrastructure, and core features, including:

  • Android, iOS, Windows, macOS, and Linux applications
  • Browser extensions for Chrome, Edge, and Firefox
  • Threat Protection components
  • NordAccount authentication and 2FA flows
  • Core APIs for VPN, Threat Protection, Meshnet, and account services
  • VPN servers and supporting infrastructure

Mobile and desktop apps were found to follow "strict security practices." This included secure data storage and biometric protections. Servers were found to be secure and to employ restrictive firewall rules.

NordVPN suffered a highly publicised server breach back in 2017. But since then the provider's security record has been flawless.

Cure53 did find some items requiring attention, and these were addressed immediately by NordVPN's team. Cure53 has confirmed these fixes were effective.

Marijus Briedis, CTO of NordVPN, said: "We are proud that the audit found no critical vulnerabilities, and our teams have already acted on the findings to further tighten our internal protections."

"Security work never ends, and each new assessment helps us make the service even safer," added Briedis. "The latest test results show that NordVPN’s applications and systems remain well-protected, and we will continue to improve them for the benefit of all users who rely on our service."

Why are audits important?

Privacy and security audits are vital for ensuring a VPN provider does what it says it does. Independent third parties can examine no-logging policies, security practices, and infrastructure.

Independent audits aren't entirely foolproof, but they go a long way to reassuring users their data is safe. Almost all leading VPN providers complete regular audits. NordVPN and Proton VPN complete them yearly, and ExpressVPN has undergone 23 overall.

VPNs that don't complete regular audits aren't inherently unsafe, but we'd always prefer a provider to have undergone at least a no-logs audit. For example, one of our big criticisms of PrivadoVPN is its lack of an independent audit, despite the fact there's nothing to indicate PrivadoVPN is in any way unsafe.

If you're looking for one of the most private VPNs – and seeing proof of how your data is secured is important to you – always pick a VPN that has been independently audited.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

George Phillips
Staff Writer

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights and censorship, and their interplay with politics. Outside of work, George is passionate about music, Star Wars, and Karate.
