World-renowned Czech security firm Avast and NordVPN, one of the largest and most popular virtual private networking (VPN) service providers, each suffered a huge and rather extended hacking incident with a similar cause: unsecured user accounts on their internal systems.
Avast, which is based in the Czech Republic, considers itself one of the largest, if not the most popular, internet security and antivirus software providers on the market today, with over 450 million users around the world.
NordVPN, a popular online privacy services provider, makes a promise to its users: “we protect your privacy online”. But in a separate yet similar incident, it confirmed, just like Avast, the reports that it had just been hacked.
For Avast, the hackers’ target was the users of its CCleaner app. CCleaner is Avast’s flagship cleanup and repair utility for Windows. Avast’s internal network systems were accessed using malware-laced account credentials via a temporary VPN profile that was mysteriously uploaded, remained active for some time, and did not require two-factor authentication (2FA).
In light of the initial hacking reports, Avast immediately took CCleaner downloads offline and checked the code for possible traces of injected malware. Avast also managed to re-sign the certificates for both old and new versions of the software via an automatic software update last Oct. 15th. This update also prompted a reset of all internal user credentials.
As for NordVPN, the cause of the incident was rather straightforward: an internal private user key that had just expired. This ultimately became the hackers’ backdoor to penetrate the servers and imitate the VPN services. VPN software works by creating an encrypted tunnel between a user’s computer and the VPN provider, thus providing a completely impenetrable barrier that blocks anyone, even your Internet Service Provider (ISP), from seeing which sites you visit or the content of any communication on your end.
That’s why millions of users rely on VPN services: they provide security and anonymity.
With this in mind, NordVPN somewhat downplays the incident itself, saying that while the hackers were able to penetrate one of its servers using the expired internal private key, they were only able to compromise one of the 3,000 servers it has in total.
Point taken, but the incident still raises several questions from users, clients, and even cyber security professionals. We must ask ourselves: if hacking security firms and providers like Avast and NordVPN can be easy, how safe is it to keep using their services? Should I switch to another provider? If so, how do I know if they’re safe? There are hundreds of questions that come to mind. For now, I recommend staying aware and getting updates from your security provider. It’s also important for us to understand the kind of security needed and what we should do in order to maintain that security.