NordVPN, a popular and high-profile VPN provider, has admitted that one of its data centres was hacked last year.

The company said that it was compromised via the infrastructure at one of its data centres in Finland in March 2018, where it rented a number of servers. The attackers exploited an insecure remote management system run by the data centre provider to gain access to one of the company's servers.

NordVPN was not aware about the existence of such a management system at that time. Exploiting the vulnerability provided hackers with full root access to the server.

"The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted either," the company claimed in a mea culpa blog post published late on Monday.

The company published the blog post in response to reports that surface in the security community over the weekend.

"The exact configuration file found on the internet by security researchers ceased to exist on March 5, 2018. This was an isolated case, and no other datacentre providers we use have been affected," it added.

Details of the breach first surfaced over the weekend when a security researcher tweeted that a NordVPN TLS key was circulating on the internet.

While NordVPN was adament that user accounts could not have been compromised, the cyber crooks would have been able to view what websites users were visiting during that time.

And the breach will have affected only users who were connecting through Finland, where the compromised server was located.

According to NordVPN, the only possible way to compromise users was by performing a man-in-the-middle attack enabling the hackers to intercept a single connection accessing the NordVPN server.

The information stolen from the compromised server couldn't have been used to decrypt traffic on any other server, the company added.

NordVPN found out about the breach a "few months ago", but didn't disclose the hack at that time as it wanted to ensure that each component within its infrastructure was secure.

The server was vulnerable between 31st January 2018 and 20th March 2018, but NordVPN believes it was breached only once, during March.

After finding out about the security breach, NordVPN terminated its contract with the server provider, and also started a thorough audit of its entire infrastructure.

The company says it has started to move all of its VPN servers to run in RAM, rather than server hard-disk drives - a lengthy process that is expected to be completed by next year.

"Even though only one of more than 3,000 servers we had at the time was affected, we are not trying to undermine the severity of the issue," the company said. "With this incident, we learned important lessons about security, communication, and marketing."