NordVPN customer data exposed after NordVPN breach
Data Leak
Summary
Hide ▲
Show ▼
A disputed NordVPN data leak surfaced after the 1011 actor claimed to dump 10+ databases from a development server, including alleged Salesforce API keys and Jira tokens. NordVPN said the material was dummy data from a temporary third-party test environment used for vendor trial testing, not a production system. The event matters because it shows how exposed test data can trigger breach allegations even when real customer data and active sensitive credentials are not present.
Related Happenings
Grubhub Salesforce and Zendesk data extortion leak
Data Leak
First: 15.01.2026 23:38
Last: 15.01.2026 23:38
Sources 1
About this happening:
**Grubhub** is facing a **data leak extortion** attempt after stolen **Salesforce** and **Zendesk** data were tied to a **February 2025 breach** and a more recent compromise. The...
Grubhub Salesforce and Zendesk data extortion leak
Data LeakAbout this happening: **Grubhub** is facing a **data leak extortion** attempt after stolen **Salesforce** and **Zendesk** data were tied to a **February 2025 breach** and a more recent compromise. The...
Betterment hit by network compromise
Incident
First: 13.01.2026 18:46
Last: 13.01.2026 18:46
Sources 1
About this happening:
Betterment disclosed a January 2026 compromise affecting systems used for customer outreach. Attackers used the access to send cryptocurrency-themed scam emails or messages to som...
Betterment hit by network compromise
IncidentAbout this happening: Betterment disclosed a January 2026 compromise affecting systems used for customer outreach. Attackers used the access to send cryptocurrency-themed scam emails or messages to som...
Target Corporation internal source code and developer documentation leak claim
Data Leak
First: 12.01.2026 19:52
Last: 12.01.2026 19:52
Sources 1
About this happening:
**Target Corporation** is facing an **internal source code and documentation leak claim** centered on sample repositories posted to **Gitea** and a larger archive reportedly being...
Target Corporation internal source code and developer documentation leak claim
Data LeakAbout this happening: **Target Corporation** is facing an **internal source code and documentation leak claim** centered on sample repositories posted to **Gitea** and a larger archive reportedly being...
Latest development: 13.01.2026 15:08
Effective January 9, 2026, Target accelerated a security change so access to git.target.com, Target's on-prem GitHub Enterprise Server used for internal development, now requires a Target-managed network either on-site or via VPN. The server was no longer reachable from the public internet.
Timeline
-
05.01.2026 16:48 2 articles · 4mo ago
NordVPN denies development-server breach claim
Initial DisclosureAfter the 1011 handle claimed on a hacking forum that more than 10 databases were taken from a NordVPN development server, NordVPN said the material was dummy data from a temporary third-party test environment used for vendor trial testing. The company said the environment was deployed months earlier, was never connected to production, and did not contain real customer data, production source code, or active sensitive credentials.
Show sources
- NordVPN denies breach claims, says attackers have "dummy data" — www.bleepingcomputer.com — 05.01.2026 16:48
- NordVPN denies breach claims, says attackers have "dummy data" — www.bleepingcomputer.com — 05.01.2026 16:48