"NordVPN is dangerous" — search for it and you will find no shortage of articles making that claim. Most of them either stoke fear without technical evidence, or conclude "it's safe" without substantiation.
This article examines each major concern about NordVPN one by one, verified against primary sources. We cover both what NordVPN does well and what deserves criticism.
Why NordVPN Is Called "Dangerous"
Concerns about NordVPN fall into five categories:
- The 2018 server breach — one server was accessed without authorization
- No-logs skepticism — is the no-logs claim actually true?
- Company transparency — Panama incorporation, Tesonet/Oxylabs ties
- Auto-renewal and billing issues — class action lawsuits in the US
- VPN limitations — a VPN does not make everything safe
The first four concerns are specific to NordVPN; the fifth applies to all VPN services. We examine each below.
The 2018 Server Breach: What Actually Happened
Any discussion of NordVPN's trustworthiness must address the 2018 incident.
What Happened
In March 2018, a single NordVPN server at a Finnish datacenter (Creanova Hosting Solutions) was accessed without authorization.
The cause was a remote management system left in place by the datacenter provider without NordVPN's knowledge. This was not a vulnerability in NordVPN's own software or systems — it was the hosting provider's oversight.
What Was Exposed
The attacker obtained three TLS keys (all were valid at the time of the breach and expired in October 2018). However:
- Decrypting VPN traffic was impossible (TLS keys and VPN encryption keys are separate)
- No logs were stored, so zero user data was exposed
- Only one server was affected
NordVPN's Response
- Immediately terminated the datacenter contract
- Conducted a full infrastructure audit
- Accelerated the transition to RAM-only servers (completed in 2022)
- Launched a HackerOne bug bounty program
- Began migration to colocated servers (self-managed hardware)
The Legitimate Criticism
The incident itself is less concerning than the delayed disclosure. The breach occurred in March 2018 but was not disclosed until October 2019 — a gap of roughly 18 months. NordVPN stated they waited until the full infrastructure audit was complete, but earlier disclosure would have been preferable.
Is the No-Logs Claim Real? Inside the Audits
Many VPNs claim a no-logs policy. Few submit to independent verification.
Six Audit Engagements
NordVPN has completed six independent no-logs audits between 2018 and 2025.
| # | Year | Auditor | Standard |
|---|---|---|---|
| 1 | 2018 | PricewaterhouseCoopers (PwC) | — |
| 2 | 2020 | PricewaterhouseCoopers (PwC) | — |
| 3 | 2022 | Deloitte | ISAE 3000 |
| 4 | 2023 | Deloitte | ISAE 3000 |
| 5 | 2024 | Deloitte | ISAE 3000 |
| 6 | 2025 | Deloitte | ISAE 3000 |
The first two were conducted by PwC (Big 4), with Deloitte (Big 4) taking over from the third audit onward.
What the Auditors Inspected
The sixth audit (November–December 2025) examined:
- VPN servers — standard VPN, Double VPN, Onion over VPN, and obfuscated servers
- Configuration files — server settings and deployment processes
- Technical logs — what system logs exist and their retention periods
- Staff interviews — operational team processes and procedures
Conclusion: "NordVPN's architecture deliberately omits any collection of user-identifying metadata such as IP addresses or timestamps."
What RAM-Only Servers Mean
Since 2022, all NordVPN servers run on diskless RAM-only infrastructure. Pulling the power erases everything. Even physical seizure of a server yields no recoverable data.
Six audits combined with RAM-only servers represent the strongest no-logs evidence in the VPN industry. That said, a "complete proof" of no logging is technically impossible — keep that in mind.
Company Transparency: Panama, Tesonet, and Nord Security
Why Panama
NordVPN's operating company, nordvpn S.A., is incorporated in Panama. Some view this with suspicion, but the choice is legally intentional.
Panama has:
- No data retention laws applicable to VPN providers
- No membership in Five Eyes / Nine Eyes / Fourteen Eyes alliances
This means NordVPN has no legal obligation to store or surrender user data, and since no logs exist, there is nothing to hand over even if requested.
Actual development takes place in Lithuania (Vilnius), with offices in Berlin and Amsterdam. Panama incorporation is a legal strategy to protect user privacy.
The Tesonet Question
Another concern is NordVPN's relationship with Tesonet, a Lithuanian IT company.
Tesonet is also the parent company of Oxylabs, a proxy and data scraping service. This raises an obvious question: "A VPN provider sharing a corporate group with a data collection company?"
The facts:
- Tesonet was an early investor and incubator for Nord Security
- Nord Security now operates as an independent entity
- There is no evidence that NordVPN shares user data with Oxylabs
- Six no-logs audits detected no data-sharing mechanisms
The suspicion is understandable. The evidence of actual data sharing is nonexistent.
Auto-Renewal Issues and Class Action Lawsuits
The most common non-technical criticism of NordVPN involves billing practices.
The Problem
NordVPN's 2-year plan starts at $3.39/month (Basic), but the renewal price can increase significantly. Common complaints:
- Renewal pricing differs from the initial rate
- Charges are applied 14 days before renewal
- The cancellation process is not straightforward
The 2024 Class Action
In 2024, multiple class action lawsuits were filed in the US, seeking a combined $100M in damages. Plaintiffs allege that NordVPN's auto-renewal terms are deceptive and misleading.
The lawsuits are ongoing. NordVPN has not issued a public statement.
How to Protect Yourself
- Check renewal terms before subscribing — confirm the renewal price on NordVPN's pricing page
- Disable auto-renewal — Account settings → Subscription → Cancel auto-renewal
- Set a calendar reminder — decide before the 14-day pre-charge window
What a VPN Cannot Protect You From
Finally, limitations that apply to all VPNs, not just NordVPN.
What a VPN Does Not Stop
- Malware — a VPN encrypts traffic, it does not scan files. Enable Threat Protection Pro or use separate antivirus software
- Phishing — if you enter credentials on a fake site, VPN or not, they are compromised
- Account takeover — password reuse and social engineering bypass any VPN
- Destination logging — a VPN hides traffic from your ISP, but logging into Google still records your activity in Google's systems
Does a VPN Make You Anonymous?
A VPN changes your IP address and encrypts your traffic. It does not provide complete anonymity.
- Browser fingerprinting, cookies, and login states can still identify you
- For true anonymity, consider Tor Browser + VPN + OS-level measures (Tails OS, etc.)
A VPN is a privacy enhancement tool, not an anonymity tool. This distinction matters.
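As an added illustration (not part of the original article), the sketch below shows the destination site's view: requests arriving from different IP addresses still collapse into one visitor once they share a cookie, a login, or a browser fingerprint. The log records, field names, and the three-attribute fingerprint are constructed assumptions; real fingerprinting draws on many more signals.

```python
import hashlib
from collections import defaultdict

# Constructed sample of what a destination site could record per request.
# IPs are RFC 5737 documentation addresses; every value here is invented.
FF = {"ua": "Firefox/128 Linux", "screen": "2560x1440", "tz": "Europe/Vilnius"}
REQUESTS = [
    {"id": "r1", "ip": "198.51.100.7", "cookie": "c-41a", "account": None, **FF},     # no VPN
    {"id": "r2", "ip": "203.0.113.50", "cookie": "c-41a", "account": None, **FF},     # VPN on
    {"id": "r3", "ip": "203.0.113.91", "cookie": "c-9f2", "account": None, **FF},     # cookies cleared
    {"id": "r4", "ip": "203.0.113.91", "cookie": "c-9f2", "account": "alice", **FF},  # logs in
    {"id": "r5", "ip": "192.0.2.14", "cookie": "c-777", "account": "alice",           # second device
     "ua": "Chrome/126 Android", "screen": "1080x2400", "tz": "Europe/Vilnius"},
    {"id": "r6", "ip": "203.0.113.50", "cookie": "c-b00", "account": None,            # other user on
     "ua": "Safari/17 macOS", "screen": "1440x900", "tz": "Asia/Tokyo"},              # the same VPN exit
]

def fingerprint(req):
    """Hash of browser attributes that stay the same whichever IP is used."""
    raw = "|".join(req[k] for k in ("ua", "screen", "tz"))
    return hashlib.sha256(raw.encode()).hexdigest()[:12]

def link_visitors(requests):
    """Group request ids that share a cookie, account or fingerprint (union-find)."""
    parent = {r["id"]: r["id"] for r in requests}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    seen = {}  # (kind, value) -> first request id that carried it
    for r in requests:
        keys = [("cookie", r["cookie"]), ("account", r["account"]), ("fp", fingerprint(r))]
        for key in keys:
            if key[1] is not None:
                first = seen.setdefault(key, r["id"])
                parent[find(r["id"])] = find(first)  # the IP is never consulted

    groups = defaultdict(list)
    for r in requests:
        groups[find(r["id"])].append(r["id"])
    return sorted(groups.values())

def ips_seen(requests, group):
    """Distinct source IPs behind one linked visitor."""
    return sorted({r["ip"] for r in requests if r["id"] in group})
```

Requests r1 to r5 end up in one group despite four different source addresses, while r6 stays separate even though it shares a VPN exit IP with r2.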
Wrapping Up
A summary of each concern and what the evidence shows:
| Concern | Finding |
|---|---|
| 2018 server breach | Zero user data exposed. Response included RAM-only migration, audits, and bug bounty |
| No-logs credibility | Confirmed by six independent Big 4 audits. RAM-only servers provide technical reinforcement |
| Panama incorporation | A legal choice for privacy protection. Outside Five Eyes jurisdiction |
| Tesonet connection | Early investment relationship. No evidence of data sharing |
| Auto-renewal | Class action lawsuits pending ($100M). Check renewal terms and disable auto-renewal |
NordVPN is not perfect. The delayed breach disclosure and auto-renewal practices deserve criticism. But six audits, RAM-only servers, and a bug bounty program put its security practices at the top of the VPN industry.
The answer to "is NordVPN dangerous?" — based on evidence, its technical security is industry-leading. On the billing side, protect yourself by checking terms upfront.
Official resources:
- NordVPN No-Logs Policy — audit report details
- NordVPN Security Plan — full security improvement roadmap
- HackerOne — Nord Security — bug bounty program