On CyberMonday morning, Halloween fever was running rampant online and one solution was filtering pretty much everything you could possibly think of; NordVPN was working. But never fear, now the VPN provider has confirmed it’s been hacked.
NordVPN released this statement:
Some customers are complaining that they were tricked into connecting to NordVPN’s website, which only warns them of the vulnerabilities in their systems. We are working on the matter right now and will disclose the details when a patch can be confirmed. NordVPN customers should try to block the unencrypted traffic their apps are receiving.
If you wanted to keep your communications off the internet, there were two solutions — you could try to whitelist NordVPN, which appeared as a privacy-restricting option on your browser (like a VPN certificate). Alternatively, there are ways to restrict access to the VPN — like by logging out and restarting your browser.
NordVPN has no further comment to share as far as its plans on the future of its service.
Update: NordVPN released another statement. This one is pretty simple:
No NordVPN vulnerabilities have been disclosed at this time and we continue to investigate. Once a patch is available, NordVPN will respond to all customers who want to whitelist NordVPN through a one-time password reset.
UPDATE II: In a blog post, NordVPN has a more comprehensive explanation of the cause of its discovery. Of course, the majority of new NordVPN users have had access to the service for a while, so it isn’t too shocking, but since its version of the VPN available is the same one you were using, the reason why some hackers hacked its service may not be completely clear at this point. It also revealed a couple other tricks you can try in order to avoid that authentication as well.