
Threat actor claims to have leaked NordVPN

sandoz Veteran
edited January 6 in News

Threat actor claims to have leaked NordVPN Salesforce database containing 10+ database source codes on a dark web forum.

📌 Panama 🇵🇦
Industry: VPN
Type: Data Leak
Threat Actor: 1011
Samples: Yes

The attacker claims they obtained the data by brute-forcing a misconfigured NordVPN development server which had Salesforce and Jira information stored.

Compromised data:

▪️ 10+ database source codes from NordVPN development server
▪️ Salesforce API keys
▪️ Jira tokens
▪️ Additional sensitive information

Sample SQL dump visible showing:
▪️ salesforce_api_step_details table
▪️ api_keys table structures
▪️ Database schema information

According to analysts at Dark Web Informer, the attack targeted a poorly configured development server. The hacker used a brute force technique, a method that involves automatically testing thousands of password combinations until access is gained.

This means that no protection measures were in place to limit the number of authentication attempts.

Unlike production infrastructures, which are usually heavily monitored, these test servers are sometimes a more accessible entry point, even though they also host equally sensitive information.

Among the examples presented, the hacker shows SQL files that reveal the structure of tables such as salesforce_api_step_details and api_keys.

This intrusion does not concern the browsing data of service subscribers. However, it could allow attackers to retrieve keys from the company's back office.

With Jira tokens and Salesforce API keys in circulation, an intruder could, for example, infiltrate the company's project management and customer relationship tools.

NOTE: It's just a news story, nothing is certain unless there are more details about the case.

Source:
https://x.com/DarkWebInformer/status/2007864908927377528
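
An added example, not part of the original post: the story says nothing limited the number of authentication attempts, so this sketch replays an auth log to show which attempts a per-source limit would have refused and which successful logins followed a burst of failures. The log format, sample events, thresholds and the `review_auth_log` name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth events: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.20 alice FAIL
2024-01-01T10:00:09 198.51.100.20 alice OK
2024-01-01T10:01:00 203.0.113.7 admin FAIL
2024-01-01T10:01:02 203.0.113.7 admin FAIL
2024-01-01T10:01:04 203.0.113.7 admin FAIL
2024-01-01T10:01:06 203.0.113.7 admin FAIL
2024-01-01T10:01:08 203.0.113.7 admin FAIL
2024-01-01T10:01:10 203.0.113.7 admin FAIL
2024-01-01T10:01:12 203.0.113.7 admin OK
"""

def review_auth_log(text, max_failures=5, window=timedelta(seconds=60)):
    """Replay auth events against a sliding-window attempt limit.

    Returns (throttled, alerts):
      throttled - attempts a limiter would refuse before checking the password
      alerts    - successful logins that arrived after the limit was reached
    """
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    throttled, alerts = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_raw, ip, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[ip]
        while recent and ts - recent[0] > window:  # expire old failures
            recent.popleft()
        if len(recent) >= max_failures:
            throttled.append((ts_raw, ip, user, outcome))
            if outcome == "OK":  # login succeeded only because no limit existed
                alerts.append((ts_raw, ip, user, len(recent)))
        if outcome == "FAIL":
            recent.append(ts)
    return throttled, alerts

if __name__ == "__main__":
    print(review_auth_log(SAMPLE_LOG))
```

A single mistyped password followed by a success (the `alice` events) stays below the threshold; only the sustained burst from one source is flagged.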

Comments

  • JabJab Member

    https://nordvpn.com/blog/addressing-alleged-salesforce-breach/

    blablabla test environment blablabla outdated poc test blablabla no sensitive data blablabla

    Thanked by 2Saragoldfarb xvps
  • nikio Member

    And that's why a zero-CRM VPN provider that you buy literal scratch cards for is superior.

  • xvps Member
    edited January 7

    The only interesting thing is the API keys, but NordVPN have most likely rotated them as soon as the breach was discovered, and they were likely useless anyway due to IP restrictions.

    Anyway, it was only test data (no real customer data) in a test environment, and NordVPN chose another vendor, so the code was never used in production.

    In other words:
    BREAKING NEWS: USELESS TEST DATA LEAKED.

  • Lots of lol. Get a cheap VPS & run your own VPN...

  • vailiernits Member
    edited January 8

    @chitree said:
    Lots of lol. Get a cheap VPS & run your own VPN...

    Common misconception, it would be very bad for your privacy, because you would be the only one using it. It would be extremely easy to fingerprint, even worse than many residential connections with dynamic IP addresses, at least from the view of a threat actor trying to profile you.

    There is a benefit to using off-the-shelf VPNs, because the IPs are being used by hundreds if not thousands of people, making it much much harder to profile & fingerprint. Entry IP addresses are also usually different than exit, making it harder for your ISP (or whoever is snooping on your traffic) to tell at what IP the traffic exits. You can make it even better by using a double-hop VPN with exits in a completely different location and network.

    A self hosted VPN is great for stuff like streaming from Netflix, or accessing your infra from the outside, but not privacy.

    At the end of the day, it all depends on your threat model. NordVPN is marketed as a "privacy" tool, and I would assume many people use it as such.

  • matey0 Member

    I remember when NordVPN was breached years ago, that time it was their actual infra.

    This leak seems useless, but if this user had more skill he could've probably moved laterally onto dev machines or prod servers. So still embarrassing for NordVPN.
    But NordVPN sucks ass anyways.

    Thanked by 2stable_genius forest
  • Modern Web infrastructure is so fragile that the only thing that keeps it from collapsing is a scarcity of competent determined malicious actors.

    A competent determined attacker would have wreaked havoc on nordvpn systems, fortunately there aren't that many available.

    Thanked by 1quicksilver03
  • Proxysolid Member, Patron Provider
    edited January 23

    There's still no official confirmation. Obviously, the scenario is quite possible, and it wouldn't be the first time. But until NordVPN or some reputable technical source confirms it, you know it's going to be treated with caution.

  • @stable_genius said:
    Modern Web infrastructure is so fragile that the only thing that keeps it from collapsing is a scarcity of competent determined malicious actors.

    A competent determined attacker would have wreaked havoc on nordvpn systems, fortunately there aren't that many available.

    Or rather, the fact that the competent and determined malicious actors have other things in mind than merely collapsing web infrastructure. They'd much rather steal Windows 11 source code and sell it to people in suits and ties than leak some random databases from a shitty VPN to a forum.

    Thanked by 1stable_genius
  • b00n Member

    @matey0 said:
    I remember when NordVPN was breached years ago, that time it was their actual infra.

    This leak seems useless, but if this user had more skill he could've probably moved laterally onto dev machines or prod servers. So still embarrassing for NordVPN.
    But NordVPN sucks ass anyways.

    Lol, can you explain what sucks about them? Just curious 😀
