Top VPN Software Had a Major Security Flaw
upstart writes in with an IRC submission for SoyCow4275:
Top VPN software had a major security flaw:
One of the most popular VPN services available today may have exposed customer payment information due to a significant security flaw.
Security researchers uncovered a vulnerability in the payment platform used by NordVPN, which has millions of users around the world.
The flaw could have allowed hackers access to user account information, including email addresses and shopping history, according to the team at security firm HackerOne.
- What's the truth about the NordVPN breach? Here's what we now know
- Bug bounties have made these hackers millionaires
- NordVPN boosts security with new bug bounty program
UPDATE: NordVPN has told TechRadar Pro that the vulnerability was isolated to three small payment providers and possible to exploit only within a limited timeframe.
"We have confirmed with our tech team that the issue was disclosed on H1 only after evaluating that no data had been exploited," a NordVPN spokesperson told us.
Also at:
NordVPN HTTP POST bug exposed customer information, no authentication required:
Original Submission #1"f Original Submission #2"f
Read more of this story at SoylentNews.