Home / News

Over 2 Million VPN Passwords Compromised by Malware Attacks

Protect your privacy:  Get NordVPN  [73% off 2-year plans, 3 extra months]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.
Composite: CircleID illustration

A recent report from Specops Software reveals alarming security vulnerabilities within VPN password systems, highlighting over two million VPN passwords stolen by malware in the past year. The study found 2,151,523 compromised VPN passwords, emphasizing how poor password security practices can nullify the protective benefits of VPNs, which are commonly used by organizations to secure sensitive data.

The research highlighted that some of the most secure and popular VPN providers, including ProtonVPN, ExpressVPN, and NordVPN, have been significantly affected. Over one million ProtonVPN users had their credentials compromised, often due to malware or phishing schemes that target end-user passwords rather than VPN systems themselves.

Growing VPN vulnerabilities: This breach is part of a growing trend of VPN vulnerabilities that have increased alongside the rising popularity of VPN usage. As more organizations and individuals turn to VPNs for security, cybercriminals have similarly adapted their strategies to exploit these platforms. For instance, hackers exploited Check Point’s Remote Access VPN technology in April 2024 to steal Active Directory data and password hashes. Similarly, a Norton VPN breach in December 2022 exposed over 6,000 customer accounts through credential stuffing attacks.

VPN adoption, driven by factors like remote work and heightened privacy concerns, has inadvertently expanded the attack surface for cybercriminals. A surge in VPN use since the COVID-19 pandemic has led to a proportional rise in cybercrime, with cybercriminals taking advantage of VPN misconfigurations, weak user credentials, and vulnerabilities.

Vulnerable user credentials: Furthermore, common and easily guessable passwords like “12345” and “password” were among the most compromised, raising concerns about password strength. Many users rely on weak or reused credentials across services, increasing the risk of widespread breaches. As security experts often warn, the biggest security threat is not a hacker; it’s the user.

Top breached VPN service providers. (Source: Specops)
Top stolen passwordsNumber of times found
1234565,290
1234567894,969
123456784,803
12342,665
123451,792
12345678901,398
admin1,064
0868689849622
password554
qwertyuiop475
1234567460
123123123457
1346a1967429
123123394
kally256394
Suzhou@123388
hosein2181384
qwerty123368
sshstore368
07r7p082izpshdzzx0cxsldenve3berf365
112233348
11111111344
123324
protonvpn314
P@sswOrd306
1111294
02b1176)T284
qwerty282
asdfghjkl269
dyadroid1268

The bottom line: While VPNs offer robust protection, weak or compromised credentials can expose organizations to serious breaches. Continuous monitoring and enforcement of stringent password policies are essential to mitigate these risks and safeguard sensitive corporate networks from potential attacks. Organizations are urged to scan their networks for compromised credentials regularly, reinforcing the importance of vigilant VPN password security.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global