Overview
- A threat actor using the alias 1011 posted on BreachForums, claiming to have brute-forced a NordVPN development server.
- The actor asserted access to more than 10 databases and shared samples labeled as Salesforce API keys, Jira tokens, and configuration files.
- NordVPN says the materials came from an isolated trial of an automated testing platform conducted months ago using only dummy data.
- The company states the test setup was never connected to production systems, reports no sensitive information exposure, and says customers do not need to take any action.
- NordVPN has contacted the unnamed vendor and is monitoring the situation. Reporters note that the samples resemble development schemas, with no verification linking them to live infrastructure.