The consumer VPN market has become so competitive in recent times as more people seek to take control of their privacy in the cyber world. Free and premium VPNs have become popular for users to create a more trusted network environment for themselves while on the internet. However, revelations on the breach of NordVPN (one of the popular VPNs with top-rated reviews from various cybersecurity and tech magazines, along with TorGuard VPN and VikingVPN) have raised eyebrows on how much trust users can have while using VPNs.
What We Learned from The Breach
Mistrust Issues
Basically, opting for a VPN is a show of trust in the service. However, NordVPN did not show confidence when addressing the breach to the users. The VPN provider took more than six months after they learned of the incident to address the issue to its users. NordVPN delayed revealing details of the breach and potential threats to users until a twitter outrage began.
Potential Vulnerability due to Negligence
Even while addressing the issue, NordVPN downplayed the potential risks of the breach. Ignoring the fact that VPNs are supposed to secure users from threats in public networks, NordVPN responded, stating how negligible the breach was. Although the breach affected only one server of over 5000 other NordVPN servers, the fact remains that an attack targeted a widely-trusted VPN.
All Businesses Are Susceptible to Breaches
Supply chain attacks are soaring, and this breach shows just how damaging the attacks can be even when one invests in a robust cybersecurity framework. NordVPN quickly stated that the affected server was rented, and the breach was made possible by poor configuration on a third-party datacenter’s part that they were unaware of. That is, the third-party was responsible for the vulnerabilities that resulted in the breach. Businesses must engage their vendors to ensure they comply with all relevant internal and external security regulations.
Are Free VPNs a Good Option?
From the breaches on premium VPN service, one would conclude that there’s no major deal opting for a free VPN in place of the premium VPN services. After the attacks on NordVPN and TorGuard VPN, one would question how different paid and free VPN services are. Essentially, for a good VPN, look out for how secure their systems are through their past and present track record. VPNs are supposed to offer privacy and must be secure from cyberattacks. Otherwise, threat actors could track users’ online activities, just like in public networks.
It is almost impossible to find a free VPN service that possesses the characteristics of a good VPN. Most of them are susceptible to malware (up to 38%) and could compromise your security online. Also, they slow your internet speeds and have a limited quota and bandwidth. Others have annoying ads, and more critically, they can track your online activity. It would be better not to have a VPN if your VPN service provider tracks, stores and sell your online activity.
Although premium VPNs could be targeted for cyberattacks, most trusted providers put in measures to secure all data being handled in the network from the adversaries. For instance, in the case of NordVPN, the attackers had access to only one server and could not track specific details of the less than 200 users who used the server. NordVPN states they do not store any data on online activities of its users, and that browsing on secure protocol HTTPS would make it impossible for any potential tracking of website activities by users.
Conclusion
NordVPN and TorGuard VPN deserve the mistrust they have suffered because of how they handled the breaches and addressed concerns on how they store all data moving forward. Unlike other tech service providers, VPN providers have been less subjected to independent third-party security auditing. However, for safer online browsing, free VPNs will do no good. Opt for good VPNs with better measures regarding your privacy online even if you’ll have to pay.