this post was submitted on 06 Jan 2026
105 points (99.1% liked)

Technology

78512 readers
2867 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
105
NordVPN denies breach claims, says attackers have "dummy data" (www.bleepingcomputer.com)
submitted 4 days ago by fne8w2ah@lemmy.world to c/technology@lemmy.world
27 comments fedilink hide all child comments
top 27 comments
sorted by: hot top controversial new old
[–] veeesix@lemmy.ca 56 points 4 days ago

​"The leaked elements, such as the specific API tables and database schemas can only be artifacts of an isolated third-party test environment, containing only dummy data used for functionality checks. While no data in the dump points to NordVPN, we have contacted the vendor for additional information," NordVPN explained.

"Because this was a preliminary test and no contract was ever signed, no real customer data, production source code, or active sensitive credentials were ever uploaded to this environment.

"We ultimately chose a different vendor and did not proceed with the one we tested. The environment in question was never connected to our production systems."

I’d love to see the look on 1011’s face having just learned this.

[–] DarkSirrush@piefed.ca 22 points 4 days ago

The company also announced plans to switch to dedicated servers that they own exclusively and to upgrade their entire 5,100-server infrastructure to RAM servers.

Oh, thats going to be expensive this year.

[–] Lembot_0006@programming.dev 22 points 4 days ago (4 children)

Why would *VPN even have ANY data worth taking through breaching?

[–] dublet@lemmy.world 30 points 4 days ago (1 children)

They operate a business that charges for a service, and therefore have user accounts and payment data for those accounts.

[–] john_lemmy@lemmy.ml 11 points 4 days ago (1 children)

There is at least one VPN provider (that I know of) that doesn't record account and payment data. You can send the fee via regular post in a envelope tied to only a random numerical user ID

[–] Postmortal_Pop@lemmy.world 8 points 4 days ago

Mulvad. That's how I do it.

[–] null@piefed.nullspace.lol 5 points 4 days ago (1 children)

Same reason as any other online company?

[–] Lembot_0006@programming.dev 0 points 4 days ago (1 children)

So for selling it to aggregators? That's bad practice for a VPN-providing company.

[–] null@piefed.nullspace.lol 8 points 4 days ago (1 children)

So for selling it to aggregators?

You really think thats the primary function for user data? Not like, billing?

[–] prole@lemmy.blahaj.zone 4 points 4 days ago (1 children)

It wasn't, it was test data

[–] Lembot_0006@programming.dev -5 points 4 days ago (1 children)

You don't have any "test data" if you don't have any "real data". Why would you?

[–] village604@adultswim.fan 7 points 4 days ago* (last edited 4 days ago) (1 children)

Uh.. this entire event is a strong reason for using dummy data in a testing environment. You shouldn't ever use production data in a test environment.

You generate dummy data that looks like real data for testing purposes.

[–] Lembot_0006@programming.dev -5 points 4 days ago* (last edited 4 days ago) (2 children)

You didn't understand what I am saying.

[–] village604@adultswim.fan 4 points 4 days ago (1 children)

I do understand, you just don't seem to understand that this testing environment never contained real data. And you can absolutely generate dummy data without having real data to start with.

[–] Lembot_0006@programming.dev -5 points 4 days ago* (last edited 4 days ago) (1 children)

I do understand,

No, you don't.

[–] village604@adultswim.fan 2 points 4 days ago (1 children)

Ok, then explain it to me.

[–] Lembot_0006@programming.dev -1 points 4 days ago

I say that they shouldn't have any sensitive information at all. And their claim that it was testing data that leaked shows that they do have that sensitive information. It just hasn't leaked yet. At least if we believe in what the company says.

[–] kbobabob@lemmy.dbzer0.com 1 points 4 days ago

I just wanna say that I get what you're saying and this thread was hilarious to me for some reason.

[–] a_non_monotonic_function@lemmy.world 1 points 3 days ago

Because your previous trust is clearly misplaced.

I don't care what somebody's TOS says, I'm going to remain skeptical.