Is NordVPN safe to use? We find out
In 2019 the public learned that NordVPN had suffered a data breach in 2018. This attack gave hackers the keys to the castle, making it possible (in principle) for them to intercept the communications of NordVPN customers. In 2019, NordVPN was breached again, exposing the passwords of as many as 2,000 users.
This may have you worried as to whether it’s safe to use this software, and based on our testing and NordVPN reviews, we’re here to give you a better idea of the risk involved.
How VPN technology works
If you already know how VPNs work you can skip this section, and if you want an in-depth guide, you can read our explanation of how VPNs work for the fine details, but to understand the NordVPN situation you’ll need a little background information.
A VPN or Virtual Private Network is a virtual encrypted tunnel that lets you send and receive data to and from a special server, without your Internet Service Provider (ISP) or anyone else on the network (such as public Wi-Fi) knowing what you’re doing on the web.
What did NordVPN do wrong?
According to NordVPN in an official blog post, the major breach in 2018 was the result of security vulnerabilities in a third-party server NordVPN has contracted.
It’s important to understand that most of these VPN services do not own and operate all of their own servers. When you offer thousands of servers spread all over the world, it’s not really feasible to own and physically secure them all.
The only exception we know of is VyprVPN review (in our old VyprVPN review we gave it a solid four stars) which claims to wholly operate and own its VPN infrastructure. The tradeoff being that they offer relatively few servers in a small number of locations, and the service is comparatively expensive.
So it’s not that NordVPN did something different to everyone else, but rather that using third-party infrastructure comes with inherent risks and they happened to be a prominent victim of this.
Another concern is that it took so long for NordVPN to disclose the breach, but the company claims that it “shredded” the server and reported the breach as soon as it knew. Once again, because of the use of a third-party contractor, there was likely a delay in communication.
READ NEXT: The best free VPNs
NordVPN’s security audit
Following the main breach, NordVPN approached a security research team to perform a security audit. In an effort to improve security, vulnerabilities were identified and subsequently removed; NordVPN have since confirmed that their software and systems was, and are, still highly secure.
What we think of NordVPN
Years after the incident, we’ve done a full review of NordVPN and rated it at four stars out of five. Our reviewer found that it was fast, secure and offered numerous useful add-ons. Indeed, NordVPN is currently one of the most technologically impressive VPN services on the market.
The company has its headquarters in Panama: this means that it’s not subject to UK or EU laws that compel companies to keep records of their users. The company also uses their own customised VPN protocol called NordLynx, which is built on the robust WireGuard VPN tunnel technology. With their extra security measures, not even your true IP address is stored on the VPN server. NordVPN even offers a double VPN option, making it far less likely that you’ll suffer a privacy leak.
We found no evidence of security issues in our testing, nor have there been any further known breaches of other disclosed vulnerabilities in the years following that first attack. Plus NordVPN wasn’t the only VPN service to be breached as TorGuard and VikingVPN were also hacked in 2018.
Weighing up all this evidence, we can’t think of a reason why NordVPN should be considered any less safe than any of its VPN peers. Hopefully all VPN providers learned a powerful lesson following those breaches in the late 2010s, but, as always, you should check the latest news and reviews before signing up to any particular service.
READ NEXT: ExpressVPN vs NordVPN
VPNs and a false sense of security
While we don’t believe using NordVPN is less safe than using any of its competitors, this is a technology that easily lulls users into a false sense of security. VPNs are only effective in isolation against other users on your network (such as your ISP or other people on your Wi-Fi) to prevent them from spying on your browsing.
Any company can suffer a data breach, and there is no such thing as 100% guaranteed security. Even when a VPN company promises that they keep no user logs, you only have their word for it until something happens that may prove otherwise.
Don’t forget that you can use several tools to perform a VPN “leak test” and see if your data is truly obscured. Astrill’s VPN leak test is a great option and, since you should never wholly trust one tool, ExpressVPN’s tool is also worth trying too.
For truly serious privacy protection, you’ll need to use more than just a VPN. Consider combining a VPN with TOR. You may also want to use a virtual machine to combat browser fingerprinting or even a special bootable privacy operating system such as TAILS.