Virtual private network NordVPN is reportedly dealing with yet another security fallout. Up to 2,000 users were the likely targets of credential-stuffing attacks that granted unauthorized access to their accounts, according to a Friday report. Last week, NordVPN said it was the victim of a data breach in 2018.
Users’ credentials, which contained email addresses, plain-text passwords and expiration dates associated with user accounts, were posted on online forums like Pastebin, according to Ars Technica. The publication polled a small sample of users from a list of 753 credentials and found that passwords for all but one were still being used. Several people reportedly said their accounts were accessed by unauthorized people.
It appears the passwords became public through something called credential stuffing, an attack that uses credentials from one leak to access other accounts with the same username and password, according to the report.
This incident isn’t indicative of a breach on the network’s servers, Ars Technica notes. It stems in part from people choosing simple passwords and using them across more than one site.
Users of NordVPN can check Have I Been Pwned to see if their email address is listed, and if it is, should immediately change their password, Ars Technica notes.