NordVPN Denies Data Breach Claims by Dark Web Threat Actor

NordVPN has rejected claims of a data breach after a threat actor posted alleged stolen data on a dark web forum. The actor asserted the data originated from the VPN provider’s Salesforce development server.

The incident, first spotted on January 4, underscores the rising tide of unsubstantiated leak claims in underground forums, where actors often peddle fabricated or recycled dumps for extortion or notoriety.

In an official statement released today, NordVPN detailed its rapid response. “Yesterday, on the 4th of January, we have identified a Data Breach Claims and now want to address them directly to clarify what happened,” the company wrote.

Forensic analysis by NordVPN’s security team revealed no evidence of compromise in its core infrastructure. “Our security team has completed an initial forensic analysis of the alleged data dump.

While we are continuing our investigation to ensure absolute certainty, we can confirm that, at this stage, there are no signs that NordVPN servers or internal production infrastructure have been compromised,” the statement continued.

The purported leak traces back not to NordVPN’s systems but to a third-party testing platform trialed six months ago. During a standard proof-of-concept (PoC) evaluation for automated testing tools, NordVPN created a temporary environment.

Crucially, no customer data, production code, or live credentials were involved; only dummy data for functionality checks. The vendor was ultimately passed over, and the setup was never linked to production networks.

“The data in question does not originate from NordVPN’s internal Salesforce environment or any other services mentioned in the claim. Instead, our investigation identified that the leaked configuration files were related to a third-party platform, with which we briefly had a trial account,” NordVPN explained.

Claims of breached API tables and database schemas are dismissed as artifacts from this isolated test, containing no pointers to the company’s operations.

NordVPN has reached out to the third-party vendor for further details and reiterated that “NordVPN systems remain fully secure. Your data is safe, and no action is required on your part.”

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.