Archive for NordVPN

Guest Post: NordVPN Discusses The Fact That Hackers Are Selling Passport Credentials To The Highest Bidder

Posted in Commentary with tags on October 17, 2019 by itnerd

Identity theft is becoming a popular crime. In 2018, the Identity Theft Resource Center saw a 126 percent increase in the number of data breaches, most of which affected sensitive personal information.

Hackers steal passport and ID card data to use it for illegal activities, such as crossing borders and taking bank loans in another person’s name. Cybercriminals only need to get the victim’s full name, birthday, nationality, and passport number to falsify their documents. While most people are aware of the common credit card frauds, not all of them know that stolen passport credentials can put them at more risk.

During a massive data breach at Marriot hotels in 2018, hackers accessed its reservation database, reportedly collecting information on 500 million people. The fraudsters stole guests’ names, surnames, contact information, and dates of birth. On top of that, they got the passport credentials of Marriot clients.

“When cybercriminal attack hotels, they gain access to people’s passports. That leads to a significant risk of the hotel clients  getting their identities stolen. Moreover, passports and ID cards contain information that can be useful for social engineering. Fake IDs are later used to enter or leave the country, open bank accounts, or hide from the authorities,” explains Daniel Markuson, the digital privacy expert at NordVPN.

After stealing passport credentials, online hackers sell them in the black market. They use the data to create physical passports, their digital scans, and templates for finished IDs. The prices of passports in the black market may vary. A physical passport costs an average of $14,000 on the dark web. It may include the passport data, a digital chip, and other components, making it useable in many countries. Proof of identification (for example, a person holding a passport and a scanned copy of it) costs about $61 on the black market. Digital scans cost around $15.

There are ways to find out whether your passport data is being exploited by criminals. According to the Department of Homeland Security, people who come and leave the United States can track their international travel history. The system requires to enter their name, surname, birthday, and a passport number.

However, the function is not available in other countries. Fraudsters may be using people’s private data without the victims being aware of that. Thus, it is important to take some preventative actions to ensure that your identity information stays secure.

“First of all, it is worth paying attention to where you enter your passport data. Only enter your identity information on safe websites. Also, if you know that your sensitive information has been leaked during a data breach, it might be good to invest in checking it online. Finally, changing your passport after a possible data breach can also be an option,” advises Daniel Markuson, the digital privacy expert at NordVPN.

Guest Post: NordVPN Discusses The Social Media Mistakes We All Make

Posted in Commentary with tags on September 11, 2019 by itnerd

Facebook, Twitter, and Instagram are among the top 10 of the world’s most visited websites, the latest report shows. Although billions of people spend thousands of hours every day on these social media platforms, not many of them think of this activity as risky. The risk stems from the careless actions we all sometimes take online when we forget about our privacy.

Daniel Markuson, the digital privacy expert at NordVPN, says that the privacy of your social network account is as important as the content you post. Though the privacy of social networking services as personal choice might be debatable, the expert picked the most common mistakes all users make and explained how to avoid them:



It’s dangerous to reveal too much or too sensitive information, such as locations, plane ticket or passport photos with ID numbers, countdowns until you leave your home for a vacation, new expensive purchases, etc. Criminals lurking online can use that information to steal your identity, break into your house, or simply blackmail you. Moreover, hackers often look for emotionally vulnerable people to attack, so your burst of emotions on social media might be turned against you.

Don’t share your personal details, such as home address and telephone number, on your social media profiles as they can be easily accessible to anyone. Daniel Markuson at NordVPN says it’s better to hold off with posting things online while being away, especially ones that include your location in real time. The expert also argues against posting pictures of any documents that contain sensitive information or scannable codes, such as QR and barcodes. And remember not to share your private feelings or participate in heated online discussions that could catch the eyes of scammers.


Using the same password for all accounts on social media

Imagine your Twitter password gets leaked, and you use the same one for your Facebook and Instagram. A hacker now can block you from your social media accounts, access all your private information, including your photos, and use it in malicious ways.

To avoid possible identity theft, you should use different passwords on different social platforms. It is also a good practice to change your passwords frequently and use strong ones. Daniel Markuson recommends using a password manager, like NordPass. It remembers your complicated passwords or generates them for you as well as lets you store, organize, and access your passwords from anywhere.


Forgetting about the privacy settings of your account

Social media users sometimes forget about cybersecurity as they share sensitive information and add people they don’t know to their friends’ list. However, some of these strangers might be cyber troublemakers who may feed you harmful fake news or send virus links over messages. These people also get access to the pictures and other information you share with your friends.

So don’t become friends on social media with people you don’t know. You can always go through the mutual friends list or things in common before adding a person to your Facebook.

Even if you don’t befriend strangers, but your profile is public, anyone can scrape your data and use it for their own sneaky needs. Daniel Markuson reminds to check who you’re sharing your information with before posting anything online. Make sure your posts are visible to your friends only instead of everyone on the internet.


Doing quizzes

What will you look like in 50 years? Which Game of Thrones character are you? With malware plugins, scammers use these tests to get your personal information. This March, Facebook sued two Ukrainian quiz-makers who had been using such games to access and steal private data from Facebook users. The scammers served Facebook users their own ads instead of officially approved ones.

Although Facebook quizzes seem completely harmless, don’t fall for them. Their algorithms are too simple to tell you the truth, so stay skeptical and just don’t do them. According to Daniel Markuson from NordVPN, if you still can’t resist that tempting test, check what information it requests from your profile and decide whether you really want to share it.


Using social media on unsecure public Wi-Fi 

The latest survey shows that 79% of public Wi-Fi users take considerable risks when choosing a network. They select a hotspot for its Wi-Fi strength, go for a name that sounds appropriate, or simply pick any free option. However, hackers use unsecured public connections to spy on people’s devices and steal their private data, including social media passwords.

Stay extra cautious when connecting to free Wi-Fi at coffee shops, hotels, and other public places, as they may be insufficiently protected. Don’t log in to your social accounts or visit sensitive websites when on public Wi-Fi. One of the best ways to safely use a free hotspot is by installing a VPN, like NordVPN. It will make sure your internet connection is private and no sensitive data can be stolen.

Guest Post: NordVPN Discusses The Fact That Governmental Institutions Around the World Fail to Protect Their Citizens’ Data

Posted in Commentary with tags on September 6, 2019 by itnerd

More and more governments around the world are discussing encryption backdoors to help them fight various criminal activities. However, the data breaches, cyberattacks, and hacks, which we hear about every day, affect not just private companies. Governmental institutions suffer from them too. Due to various software system flaws, millions of unsuspecting citizens have been affected only this year.

Daniel Markuson, the digital privacy expert at NordVPN, says that some governmental institutions believe they are too small and insignificant for hackers to attack them. However, recent events in Baltimore, Florida, and Texas defy this belief. In May, Baltimore struggled with a cyberattack that froze thousands of computers and disrupted real estate sales, water bills, health alerts, and many other services. A few Florida municipalities had to pay hackers a ransom of $1.1 million after municipal employees were locked out of their email accounts and important files. Just recently, in August a ransomware attack hit local governments in Texas, affecting up to 23 entities.

“Out-of-date software used by some governments and a variety of contractors make them an easy target. That’s the most common reason why these institutions get hacked. Updating a digital security system and making it immune to cyberattacks require millions of dollars and high-level skills,” explains Daniel Markuson, the digital privacy expert at NordVPN. “Slow internal processes and complicated procurement procedures add up to the reasons why some organizations are still using unsafe security software. However, data breaches are expensive, and the security of people’s sensitive data should be considered priceless.”

Here are just a few examples of the governmental data breaches that happened this year. They became infamous for the scope and the numbers of citizens affected.

  • This May, Ivan Begtin, a co-founder of a Russian NGO called Informational Culture, discovered and documented several leaks from Russian government sites. The personal information and passport details of 2.25 million citizens, including high-profile politicians and government officials, were exposed online and available for download.
  • In June, five million of Bulgaria’s seven million citizens had their personal data compromised in an attack on the country’s national revenue agency. Both private and social security information on every adult in Bulgaria was exposed – perfect for identity theft or attacking lucrative targets. Half of the leaked database was posted on several public forums.
  • In the late spring of this year, an unknown hacker attacked a US Customs and Border Protection subcontractor and put much of its internal data on the open web for download. The exposed database included photos of travelers’ faces and license plates, surveillance equipment schematics, and sensitive contracting documents. Now, the border surveillance company – the longtime contractor named Perceptics – is suspended from carrying out business with the federal government. However, over 400 GB of data was stolen and 100,000 people were reportedly affected.

Human error is one of the biggest sources of data breaches, according to NordVPN’s Daniel Markuson. Using weak passwords and falling for phishing scams can hurt an organization immensely. The digital privacy professional explains that it is quite easy to leak email and password information when an employee clicks on a virus link, reveals user credentials, or downloads malware attachments. “Just one click can compromise the entire database of an institution,” says digital privacy expert.

Daniel Markuson, the digital security expert at NordVPN, says that we can’t control what information authorities have about us and how they handle it. However, you should take some measures once you hear a company or an institution relevant to you has been hacked. Find out what information has been leaked and act accordingly:

  • If the leaked information included your login details, you should change them immediately. Start using a password generator for creating strong passwords. Set up 2-factor-authentication, which requires a second password or PIN, usually sent to your smartphone.
  • If your payment details were stolen, you should contact your bank as soon as possible and freeze your card. Check your recent statements for any suspicious activity. Set up a fraud alert with the credit bureau that would notify you if someone tries to open new accounts or take out loans using your card.
  • If your ID, passport, or social security number were leaked, inform authorities right away. Prove your identity before anyone else did, issue a fraud alert, and review your Social Security statement and credit reports for any illegal activities or suspicious charges.

Remember, everyone can become a data breach victim. Even governmental institutions that handle our most sensitive information are vulnerable as their cybersecurity is sometimes lacking. Just stay alert and notify authorities whenever there is a need in order to minimize the damage. Hopefully, the authorities learn from the mistakes others endured and start investing more in cybersecurity.

Guest Post: NordVPN Discusses MasterChef Star’s Cyberattack Experience

Posted in Commentary with tags on August 20, 2019 by itnerd

In this digital era, when we sell and buy things online, no one can feel safe about their personal data anymore. Even celebrities are vulnerable to cyberattacks. Last year, a MasterChef finalist Dani Venn fell victim to cybercrime when $250,000 were stolen from her family.

“I thought that something like that would never happen to me,” says the reality TV star. She sold her family home in Melbourne and was planning to buy a new one via the electronic property transfer system Property Exchange Australia (PEXA). “So, for that short window between selling and buying, we were extremely vulnerable. And that’s the moment when the hackers struck and stole our home deposit of $250,000. We were left with no home and no money to buy a new one.”

The unknown hackers compromised the system via Venn’s conveyancer’s account and swiped all the money arranged for the new property. The cybercriminals used the “forgot password” function to intercept the email. They created a new user who changed the payment details of Venn’s transfer to relocate the funds to their bank account.

It took some effort for the stressful story to come to a happy ending, and Dani Venn recalls the incident as her family’s worst nightmare. The young family with two small children had all their life savings missing and no place to stay just because of a software security flaw. “We trusted the system, and we were left homeless,” regrets the famous chef.

After the story gained media attention, PEXA agreed to gift Dani her lost home deposit, so the family could proceed with purchasing their dream property. PEXA reportedly reviewed its security systems to take extra measures for protecting its customers against this type of fraud.

Started using cybersecurity tools

Today, Dani sees cybersecurity with new eyes. “I am more conscious and aware of online security and safety. I would never disclose sensitive information, like bank accounts, via email or online messaging platforms as I may have in the past.” The famous chef and entrepreneur says she takes the attitude that everything we do online is being watched. “That way, you are always thinking twice about sharing personal information.”

To feel safer on the internet, Dani Venn started using NordVPN – a virtual private network that provides her and her family with advanced security and complete privacy online. “Since the incident, I’ve changed the way I use the internet. I frequently change my passwords, and I’ve adopted all kinds of tools. For example, I use NordVPN, which encrypts my traffic, so no one could see what I browse, except me.”

The mother-of-two believes that people aren’t suspicious enough. “Vigilance is the best defense, after all. That’s why you shouldn’t ever click on questionable links or open emails from unknown sources. Take cybersecurity seriously. If you do not know a thing about the subject, and if you use no tools to protect yourself, you’re the target.”

Hackers pick opportunities, not victims

Dani Venn says the most important lesson she learned is not to give hackers opportunities. “Hackers do not pick their victims. They pick opportunities to create victims. For example, you’re browsing on a public Wi-Fi without NordVPN. The hacker is on the same Wi-Fi watching the traffic. If they spot that your traffic is not encrypted, they can spy on anything you’re doing. That’s how we were hacked. The system wasn’t secure, and the hackers exploited it.”

Dani Venn’s story reminds how easy it is to fall victim to cybercrime. Scamming attacks don’t just happen when you respond to dodgy emails. Hackers can find more sophisticated ways to trick you unexpectedly. To protect your sensitive information and improve your security online, the TV star advises using privacy software tools. Her personal recommendation goes to NordVPN.

Guest Post: NordVPN Recaps Products, Technologies & Features

Posted in Commentary with tags on August 9, 2019 by itnerd

The first seven months of the year have been a busy time for NordVPN, one of the most advanced VPN services in the world. The company has released fresh features, announced new products, and adopted pioneering technologies. Here comes a short recap of all the news and a few hints of what else we can expect this year.

By the way, at the moment you can claim your 75% discount for NordVPN and get a 3-year deal for just €2.62/mo or $2.99/mo. The sale is ending soon.

File encryption and password management

NordVPN is moving with confidence towards becoming an all-around cybersecurity solution. This year, the VPN service provider has announced two new cybersecurity tools – NordPass and NordLocker.

NordPass is a new generation password manager, while NordLocker applies end-to-end encryption to files stored on a user’s computer or in the cloud. The company expects to release both new tools this year. At the moment, NordLocker and NordPass are going through closed beta testing.

Faster VPN with NordLynx

A few weeks ago, NordVPN introduced the NordLynx technology built around the WireGuard® VPN protocol. The new technology combines WireGuard’s high-speed connection and NordVPN’s custom double Network Address Translation (NAT) system, which safeguards users’ privacy.

Although WireGuard is easy to implement and is considered to be faster than the current leading protocols, its ability to secure users’ privacy often comes up as a point for discussion. That’s why NordVPN added its own double NAT system, which allows not to store any identifiable user data on the server. At the moment, NordLynx is available for Linux users only.

The new features for iOS

This spring, NordVPN has introduced new features in its iOS app, used by more than 5 million people worldwide. The feature that attracted the most attention was NordVPN’s integration with Shortcuts – Apple’s dedicated app for Siri. Now you can ask Siri: “Hey Siri, where’s my online security?” or “Hey Siri, connect to NordVPN,” and your internet traffic will be encrypted in seconds.

VPN Auto-Connect and CyberSec are two more features that have recently arrived to NordVPN for iOS. With Auto-Connect on, the app will automatically connect to VPN when, for example, you are on public Wi-Fi. CyberSec will protect your iPhone from malware, spyware, stealthy trackers, and from participating in DDoS attacks.

What to expect next

NordLocker and NordPass might not be the only two new products to be launched this year. NordVPN’s team is developing a new business VPN solution, but its launch date remains under wraps for now.

In addition, NordVPN has been actively expanding its retail distribution this year. NordVPN’s subscription boxes are available for sale in brick-and-mortar stores all across the US, Canada, and Germany.

Finally, NordVPN has kept its promise and is actively working on various social responsibility campaigns – from supporting internet freedom projects to fighting censorship.


Guest Post: NordVPN Discusses The Biggest Data Breaches & Leaks Of The First Half of 2019

Posted in Commentary with tags on August 3, 2019 by itnerd

The first six months of 2019 have been enough for data breaches to affect at least a few billion people. The leaked data includes influencers’ phone numbers, security audit logs, student records, banking data, medical records, and much more.

“Assume that if you are online, your data has already been leaked. Criminals can use that data to lure you into a sophisticated phishing attack or influence your votes with personalized ads,” says Daniel Markuson, a digital privacy expert at NordVPN.

According to NordVPN’s digital privacy expert, the US remains the most popular target country for data breaches and hacks, but they’ve been happening all over the world.

Here are the five largest data breaches and leaks of the first six months of the year 2019:

1. Collections #1-5 (approx. 3 billion accounts)

Collections #1-5 was a megaleak containing around 3 billion users’ records. Cybersecurity researcher Troy Hunt discovered links to all these databases being shared on a hacking forum. This is the biggest selection of compromised data ever, collected over time from several other breaches.

  • Collection #1 appeared on the dark web in January. It is said to contain addresses and passwords from over 2000 previous data breaches, which includes the emails and passwords of 770 million people. It appeared on the cloud service MEGA and was available for download via torrent magnet links. Collection #1 contained over 12,000 files and “weighs” more than 87 gigabytes.
  • A few weeks later, a megaleak titled Collections #2-5 containing approximately 25 billion unique records and roughly 2.2 billion unique usernames and passwords became available on the internet. It was distributed through hacker forums and torrent sites. Collections #2-5 amount to 845 gigabytes of stolen data. As with Collection #1, most of the stolen data come from earlier thefts, like the breaches of Yahoo, LinkedIn, and Dropbox. Same as with the first batch of data, most of it came from years-old leaks.

2. Cloud service leak (2.3 billion files)

At the end of May, researchers from the Photon Research Team at Digital Shadows discovered that 2.3 billion files were accessible online due to configuration errors. The data was public across data-sharing and cloud services, online storage services, and companies’ servers. These files included medical scans, credit card details, payroll files, intellectual property patents, and at least 11 million photographs, many of which were considered private images. They went public on a Japanese photo-sharing platform called Theta360. Fortunately, the company reacted quickly and sealed the leak over the next 24 hours.

3. Facebook, WhatsApp, and Instagram (2.1 billion users)

This list would not be complete without Facebook and its companies. They are responsible for a whopping 2.1 billion users’ data getting breached or leaked.

  • In April, a cybersecurity firm called UpGuard found and reported that two third-party Facebook app developers – Mexico-based Cultura Colectiva and an app called At The Pool – stored a total of about 540 million Facebook user data entries on unsecured Amazon Web Services (AWS) servers. This included “comments, likes, reactions, account names, FB IDs, and more” from millions of Facebook users.
  • In May, Facebook-owned WhatsApp was breached. Hackers found and exploited a security flaw that left its users vulnerable to spyware. The exact number of victims is unknown, but the app has 1.5 billion users, all of which could have been affected. An Israeli government surveillance agency called the NSO Group designed the spyware. It could turn on a device’s microphone and camera, gain access to emails and messages, and collect location data.
  • In the second half of May, the contact details of nearly 50 million Instagram users became accessible on a massive unsecured online database. The breached data contains the personal information, such as emails and phone numbers, of high-profile influencers, celebrities, and brand accounts. The database itself was on an Amazon server and was not password-protected. It was traced to a Mumbai-based marketing company called Chtrbox.

4. Internet of Things: Orvibo (2 billion records)

The most recent breach on the list happened at the beginning of July. Noam Rotem and Ran Locar, researchers from vpnMentor, discovered that a user database belonging to a Chinese company called Orvibo, was left openly accessible online. Orbivo runs an Internet of Things management platform. Its database contained over 2 billion logs, including, among other things, users’ passwords, email addresses, geolocation details, and, most disturbingly, reset codes. They could be used to reset passwords and email addresses – leaving the users locked out of their accounts forever.

5. Breaches & collections by Gnosticplayers (over 1 billion accounts)

A hacker called Gnosticplayers has been putting batches of hacked data on a darknet website called Dream Market since mid-February. He stole 1.071 billion credentials from 45 companies by the end of May, a goal he was aiming for.

The hacker requested varying sums of bitcoin in exchange for the stolen info and promoted the data in the mass media. He claimed that his two main goals are money and the “downfall of American pigs.”.

Gnosticplayers released the stolen information in six rounds, which varied in size and price. It contained data from various apps and companies and included users’ full names, email addresses, passwords, location data, social media pages, etc. Some of the affected companies paid fees so that their information would not be released.

One of the largest Australian tech companies, Canva, was affected the most. The company did spot the hacker and managed to close their database server, but not before he stole 139 million users’ data – login information, real names, addresses, etc. 61 million of the passwords were hashed with the bcrypt algorithm, one of the most secure algorithms today. The remaining 78 million accounts used Google tokens, which let users sign up for the service without a password.

Why did he do it? According to the hacker himself, sometimes he put the data for sale just because the companies didn’t encrypt their users’ passwords. “I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry,” the hacker told ZDNet.

Dishonorable mention: medical and financial institutions

It was a difficult half-year for medical and financial institutions as well. A lot of security incidents were relatively small, but the overall number raises concerns. Only few to mention:

Unfortunately, a lot of financial institutions also suffered from similar attacks. Just a few examples:

What it means to digital privacy

These breaches and leaks are more dangerous than they might seem at first. The frequent cyber-attacks could be numbing the public to the privacy risks they represent.

“Due to frequent cyber-attacks and data leaks, people are becoming less attuned to privacy risks,” explains NordVPN‘s digital privacy expert Daniel Markuson. “This may lead to a careless attitude towards their own personal safety, and that would mean more severe damage for all internet users.”

Billions of people were affected only this year. It’s evident that internet users can’t trust companies and even government agencies to keep their data safe. Therefore, they must take cybersecurity into their own hands.

Guest Post: Younger Children Are Using Digital Devices More Than Ever Before Says NordVPN

Posted in Commentary with tags on July 17, 2019 by itnerd

A study from Ofcom about children’s media usage revealed that parents are getting more and more concerned about the internet. At the same time, younger kids are spending more time than ever on digital devices because of their accessibility.

In general, the older the children get, the more they use and interact with media devices and services. Increasingly, the group of 12-15s goes online for the longest time per week. They choose the most ‘over the top’ TV services like Netflix, Now TV, or Amazon Prime Video or a video-sharing website YouTube, and have a social media profile. Also, preschoolers of age 3-4 are spending more time on tablets.

“The number of younger kids using electronic devices connected to the internet is growing at a rapid pace. This means that more people could become victims of cyber attacks or face other threats, such as cyberbullying or offensive content. Thus, parents should become more aware of their children’s activities online and start educating them as early as possible,” says Daniel Markuson, a digital privacy expert at NordVPN.

Compared to the previous year, content created by vloggers was more popular than ever among kids aged 3-15. Such content was also seen as a source of inspiration for creativity. Many of the interviewees upload content both to YouTube and, and it often mimics other popular YouTubers. Also, the rising vloggers’ popularity may be responsible for the increasing pressure to spend money online. Although kids understand that their favorite YouTubers get paid for product endorsement, this doesn’t stop them from buying promoted things.

Considering parental worries, the greatest one is “companies collecting information about what their kid is doing online.” Through the year, three other issues raised more concern: the child damaging their reputation, the pressure on the child to spend money online, and the possibility of the child becoming radicalized online.

Despite rising concerns, parents are sometimes less likely to restrict their child’s activities. In contrast with 2017, in 2018, children aged 12-15 were less likely to say they had received information or advice from their parents or guardians. Some of the parents thought that their kids were using common-sense while interacting online. Others believed that safe internet usage was taught in schools already.

NordVPN recommends that parents spend more time talking to their children about the threats in the digital world. “Cybersecurity education should start at an early age when guardians are still authorities. Limiting certain online activities is often not the best choice. Instead, one should try to explain to their children how important digital reputation, fact-checking, online etiquette, and safety are and how online advertising works. Being open and supportive will gain the child’s trust. Most importantly, a parent or guardian should set the best example they can,” explains Daniel Markuson.

The study ‘Children and parents: Media use and attitudes report 2018’ was released in February 2019.