NordVPN denies data breach after hackers claim Salesforce leak — here’s everything we know so far

A threat actor known as “1011” claims to have breached a NordVPN development server
NordVPN denies its systems were compromised, stating the leaked data belongs to a third-party trial account
No user credentials, billing details, or browsing logs were involved in the alleged dump

NordVPN, widely considered the best VPN on the market for privacy-conscious users, has firmly denied allegations that its internal Salesforce database was breached. The denial comes in response to reports circulating on dark web forums where a threat actor claimed to have accessed sensitive development tools.

The incident began when a user operating under the alias “1011” posted on a cybercrime forum, alleging they had successfully brute-forced a misconfigured development server.

The actor claimed this access allowed them to exfiltrate source code, Jira tokens, and Salesforce API keys allegedly belonging to NordVPN. The post included sample SQL dumps and screenshots intended to verify the intrusion.

According to the attacker’s statements, the compromised environment was used for internal testing and development purposes, not production systems, though they suggested it contained data that could facilitate broader access.

The claims quickly gained traction within underground forums and on social media, prompting speculation about the authenticity and potential impact of the breach.

Security researchers began analyzing the shared materials to determine their legitimacy, while NordVPN initiated an internal investigation to assess whether any systems or customer data had been affected.

blog post released shortly after the claims surfaced, the company stated that its own internal Salesforce environment was not touched.

Instead, NordVPN’s preliminary investigation suggests the leaked configuration files were related to a third-party platform the company had briefly used for a trial account.

“We immediately started to verify these claims,” a NordVPN spokesperson explained in the statement. “Our security team has completed an initial forensic analysis… and we can confirm that, at this stage, there are no signs that NordVPN servers or internal production infrastructure have been compromised.”

The company emphasized that the data in question did not originate from NordVPN’s core internal systems. This distinction is vital for users worried about the integrity of the service’s strict no-logs policy.

NordVPN website download screen on laptop with a coffee

So far, there is no evidence to suggest user data is at risk from the breach (Image credit: Future)

Is your data safe?

For the average user, the most important takeaway is that this alleged incident involves back-end development tools, not the VPN tunnels that carry your internet traffic.

Even if the hackers’ claims regarding the development server were accurate, there is no evidence to suggest that user usernames, passwords, or billing information were accessed.

The threat actor’s own listing specified “internal Salesforce and development data,” rather than customer databases. Furthermore, NordVPN’s infrastructure is designed to be RAM-only (diskless), meaning user activity logs are not stored on hard drives that could be scraped during a breach.

reports by Cyber News.

While the presence of a “misconfigured server”, even if it was a third-party trial environment, is a reminder of the vigilance required in cybersecurity, it appears NordVPN’s production environment remains secure. The company has stated it is continuing its investigation to ensure “absolute certainty” regarding the scope of the data dump.

As always, while this specific incident does not appear to require a password change, we recommend users employ strong, unique passwords and enable multi-factor authentication (MFA) on all sensitive accounts as a standard safety measure.

These practices significantly reduce the risk of unauthorized access, even if credentials are compromised through unrelated breaches or phishing attempts.

Users should also remain vigilant for any unusual account activity, avoid reusing passwords across multiple platforms, and consider using a reputable password manager to securely store and generate complex passwords. Maintaining these habits is one of the most effective ways to safeguard personal and organizational data.

Source link

Apple is about to reinvent Siri at WWDC this year — and it might finally feel like ChatGPT

‘Time to leave’: Three just introduced speed caps on its plans — and customers aren’t happy

FCC router ban begs the question: Do you know what’s running in your network?

Google just fixed one of the biggest Gemini for Home problems, bringing back a feature users say they ‘really missed’

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Fawn Bluff: Michelle Pfeiffer, David E. Kelley Former Home Is Nature Retreat

YouTube Deal Makes SiriusXM Exclusive Audio Ad Sales Rep in U.S.

The Best Dry Shampoos for Constantly Oily Hair

Red Dead Redemption 2 Players Stunned By New Feature After 8 Years

H.C. Wainwright reiterates Foghorn Therapeutics stock rating at buy

Kevin Warsh: What Wall Street thinks to scrapping forward guidance and dot plot

TARIL shares crash 11% after Q4 results, dividend announcement: What’s spooking investors?

H.C. Wainwright reiterates Buy on Actuate Therapeutics stock

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays