[The Exiled]

NordVPN users’ passwords exposed in mass credential-stuffing attacks

Citiraj:

As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts. In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the email addresses, plain-text passwords, and expiration dates associated with NordVPN user accounts.Readers who are NordVPN users should visit Have I Been Pwned and check to see if their email address is contained in any of the lists. If it is, they should change their passwords immediately. For most people, it’s too hard a task to keep track of scores of strong passwords, but that’s where password managers come in. This protection is especially important since NordVPN doesn't seem to be doing enough to stop these attacks from happening.

Izvor: ArsTechnica