NordVPN Denies Data Breach Following Threat Actor Claim on Dark Web

NordVPN has firmly rejected claims of a data breach after a threat actor surfaced alleged stolen data on a dark web breach forum, purporting to expose the VPN provider’s Salesforce development server.

The incident, first spotted on January 4, underscores the rising tide of unsubstantiated leak claims in underground forums, where actors often peddle fabricated or recycled dumps for extortion or notoriety.

In an official statement released today, NordVPN detailed its rapid response. “Yesterday, on the 4th of January, we have identified a data dump on one of the breach forum websites, containing allegations made by a threat actor claiming to have accessed a ‘NordVPN Salesforce development server.’ We immediately started to verify these claims and now want to address them directly to clarify what happened,” the company wrote.

Forensic analysis by NordVPN’s security team revealed no evidence of compromise in its core infrastructure. “Our security team has completed an initial forensic analysis of the alleged data dump. While we are continuing our investigation to ensure absolute certainty, we can confirm that, at this stage, there are no signs that NordVPN servers or internal production infrastructure have been compromised,” the statement continued.

The purported leak traces back not to NordVPN’s systems but to a third-party testing platform trialed six months ago. During a standard proof-of-concept (PoC) evaluation for automated testing tools, NordVPN created a temporary environment.

Crucially, no customer data, production code, or live credentials were involved; only dummy data for functionality checks. The vendor was ultimately passed over, and the setup was never linked to production networks.

“The data in question does not originate from NordVPN’s internal Salesforce environment or any other services mentioned in the claim. Instead, our investigation identified that the leaked configuration files were related to a third-party platform, with which we briefly had a trial account,” NordVPN explained.

The API tables and database schemas cited in the claim are dismissed as artifacts of this isolated test, containing no pointers to the company’s operations.

NordVPN has reached out to the third-party vendor for further details and reiterated that “NordVPN systems remain fully secure. Your data is safe, and no action is required on your part.”
