NordVPN has denied claims of a data breach after a hacker said they stole internal data from the company.
The claim appeared on a dark web forum on January 4, 2026. The post quickly raised concerns among privacy-focused users.
The hacker shared files and screenshots as proof. NordVPN responded soon after. The company said its systems remain secure. It added that the leaked files did not come from its internal servers.
NordVPN Data Breach: Hacker Claims Access to Development Data

The threat actor used the alias “1011.” They claimed to have broken into NordVPN’s development infrastructure. According to the post, the attacker used brute-force attacks on a misconfigured server.
The hacker claimed to have stolen:
- Database source code
- Salesforce API keys
- Jira access tokens
- SQL database samples
- Configuration files
The post included screenshots of database tables. These tables had names linked to APIs and sales systems. The attacker said this proved direct access to NordVPN systems.
Security researchers confirmed the post existed. However, they did not confirm the data was real or recent.
NordVPN Says Systems Are Safe
NordVPN said the claims are false. The company carried out a full investigation. It found no signs of a breach.
According to NordVPN:
- No internal servers were hacked
- No production systems were touched
- No user data was exposed
- Core infrastructure remains secure
The company said the leaked files came from a third-party platform. NordVPN had used this platform only for a short trial. It was not part of its main systems.
Researchers also found issues with the hacker’s proof:
- File timestamps were from August 2025
- Data was several months old
- API keys did not match real formats
- No evidence of live access appeared
Security experts said development servers are often targeted. These systems are used to test new features. They may not hold user data. Still, weak security settings can attract attackers.
Experts warned that false claims still cause harm. They can damage trust. They also show why companies must secure all environments.
Why this matters
VPN users expect strong security. Even unproven breach claims can raise fear. NordVPN’s response highlights the need for fast checks, clear communication, and strong protection across all systems.