Dan Goodin reports:
As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts.
In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the email addresses, plain-text passwords, and expiration dates associated with NordVPN user accounts.
I received a list of 753 credentials on Thursday and polled a small sample of users.
Read more on Ars Technica. It’s important to read all the way through, too, to note that Dan is very clear about what shouldn’t be assumed:
It’s important for readers to know these lists don’t signal a breach on any NordVPN servers. The lists also don’t indicate that the breach disclosed 11 days ago was worse than the company said it was. Rather, these lists are the result of mistakes both on the part of users and NordVPN.
Like many journalists, I have been receiving almost daily emails from NordVPN trying to get their message/spin out. I have not received any since this Ars Technica piece, and I am curious to see how they will respond to it.