The flaw in their payment system was first detected by a bug bounty hunter. The vulnerability was reported to NordVPN in December 2019 by a researcher with the alias foobar on HackerOne. He noted that submitting an HTTP POST request to join.nordvpn.com without authentication could allow anyone to access the data of other users. It was easy to do so; the attacker could simply change the numbers in the ID and user ID to get additional user info. The aforementioned weakness has a high severity rating, with a score of 7 to 8.9.

Upon discovering the bug, NordVPN not only fixed the vulnerability but also gave a $1000 reward to the researcher. Although it remains unclear whether NordVPN informed its users of the error, they have ensured that the glitch was patched. According to Jody Myers, NordVPN's spokeswoman, to The Register,

Multiple Bug Fixes After NordVPN's Bug Bounty

The service confirmed the introduction of its HackerOne bug bounty program in October 2019. The announcement came after the organization was facing criticism over a security breach. Since then, NordVPN's HackerOne profile has been tracking and fixing back-to-back vulnerabilities. NordVPN also patched the absence of rate limiting on their password reset function at around the same time as the above-mentioned IDOR.

By the end of February 2020, a significant bug that breached users' privacy had also been fixed. In particular, there was a weakness due to potential reuse of the API key that could transfer contact details to a third-party provider. NordVPN gave the researcher a $7,777 reward for demonstrating the flaw.

Let us know your thoughts in the comments.
NordVPN Patched Their Payments Flaw That Exposed Users' Details - Cybers Guards