Overview
- A user calling themselves 1011 posted on BreachForums claiming to have brute‑forced a NordVPN development server and leaked more than 10 databases with Salesforce API keys and Jira tokens.
- NordVPN says its review shows the material came from an isolated trial environment used about six months ago during a vendor evaluation that was never connected to production.
- The company characterizes the leaked items as dummy data with no real credentials, source code, or user information and says no customer action is needed.
- Screenshots and dumps shared by the hacker lack independent proof they are tied to NordVPN production systems, and the claim remains unverified by outside evidence.
- NordVPN has contacted the third‑party platform and continues monitoring, with coverage noting the firm’s post‑2019 security measures such as bug bounties, audits, and RAM‑only servers.