A recent report from Specops Software reveals alarming security vulnerabilities within VPN password systems, highlighting over two million VPN passwords stolen by malware in the past year. The study found 2,151,523 compromised VPN passwords, emphasizing how poor password security practices can nullify the protective benefits of VPNs, which are commonly used by organizations to secure sensitive data.

The research highlighted that some of the most secure and popular VPN providers, including ProtonVPN, ExpressVPN, and NordVPN, have been significantly affected. Over one million ProtonVPN users had their credentials compromised, often due to malware or phishing schemes that target end-user passwords rather than VPN systems themselves.

Growing VPN vulnerabilities: This breach is part of a growing trend of VPN vulnerabilities that have increased alongside the rising popularity of VPN usage. As more organizations and individuals turn to VPNs for security, cybercriminals have similarly adapted their strategies to exploit these platforms. For instance, hackers exploited Check Point’s Remote Access VPN technology in April 2024 to steal Active Directory data and password hashes. Similarly, a Norton VPN breach in December 2022 exposed over 6,000 customer accounts through credential stuffing attacks.

VPN adoption, driven by factors like remote work and heightened privacy concerns, has inadvertently expanded the attack surface for cybercriminals. A surge in VPN use since the COVID-19 pandemic has led to a proportional rise in cybercrime, with cybercriminals taking advantage of VPN misconfigurations, weak user credentials, and vulnerabilities.

Vulnerable user credentials: Furthermore, common and easily guessable passwords like “12345” and “password” were among the most compromised, raising concerns about password strength. Many users rely on weak or reused credentials across services, increasing the risk of widespread breaches. As security experts often warn, the biggest security threat is not a hacker; it’s the user.

The bottom line: While VPNs offer robust protection, weak or compromised credentials can expose organizations to serious breaches. Continuous monitoring and enforcement of stringent password policies are essential to mitigate these risks and safeguard sensitive corporate networks from potential attacks. Organizations are urged to scan their networks for compromised credentials regularly, reinforcing the importance of vigilant VPN password security.