Seven VPN providers left the data of around 20 million users exposed and openly accessible.
Security experts from vpnMentor discovered that seven free VPN apps left 1.2 terabytes of private user data exposed online for anyone to see due to a lack of security measures.
The impacted VPN apps are UFO VPN, FAST VPN, SUPER VPN, Flash VPN, FREE VPN, Rabbit VPN and Secure VPN.
The server contained Personally Identifiable Information (PII) of over 20 million VPN users.
The exposed information included users' home addresses and email addresses, passwords in plain text, and IP addresses, as well as logs of the users' internet activity.
It is surprising because all of these Virtual Private Network services claim that their services are “no-log” VPNs, which means they don't record any activity of their users.
According to the report, all of these Hong Kong-based services have the same developer and app. They are assumed to be white-label solutions repurposed under different brands for multiple companies.
This assumption is based on the common Elasticsearch server they share, the fact that the VPNs are hosted on the same assets, and the single recipient they have for payments.
The experts conducted a series of tests using the UFO VPN service. They found that the application was storing personal details, email addresses, IP addresses, devices, and the server they are connected to. The experts also observed that the database logged the username and password they used to create their account.
“The VPN server users connected to was also exposed, including its region and IP address. This makes the affected VPN service virtually useless, as the user's origin IP address can be connected to their activity on the target server,” reported vpnMentor.
“Had the records we viewed been leaked onto the dark web or shared openly, repressive governments could use them to target users in their country for arrest, detention and imprisonment,” said the experts.