The personal details of millions of users of free Virtual Private Network providers, which aim to protect the privacy of internet users by hiding their identities, have potentially been exposed in a data breach involving an estimated 1 billion online records.
vpnMentor cybersecurity researchers claim they found an unsecured server shared by several VPNs, software designed to protect users, and say it could potentially affect more than 20 million users.
In a report provided to DigibitUK, the researchers say the server was “completely open and accessible, exposing private user data for everyone to see”.
It claims the affected apps include UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. Lead researcher Noam Rotem said his team found entries within the exposed database that contained personal details about users, such as email addresses, home addresses, clear text passwords, IP addresses and other identifying information.
“The lack of basic security measures in an essential part of a cybersecurity product is not just shocking, it also shows a total disregard for standard VPN practices that put their users at risk,” he said. Some of the VPNs also offer premium services for a fee – the researchers claim they were also able to view logs of people subscribing to them with some payment information. DigibitUK has viewed screen grabs of redacted registration logs – including one belonging to a user based in Australia.
It appears the apps on the exposed server share a common Hong Kong-based owner and developer.
Spokespeople for UFO VPN and Fast VPN issued nearly identical statements in response to questions about the breach: “Due to personnel changes caused by COVID-19, we’ve not found bugs in server firewall rules immediately, which will lead to the potential risk of being hacked. And now it has been fixed”.
The companies also claimed they didn’t collect all the types of data that the researchers say they found. Mobipotato – the company representing FastVPN – confirmed the server was at risk from June 29 to July 13.
The other companies did not respond to requests for comment, and the contact email provided for RabbitVPN bounced back. Internet users should avoid free VPN services. We (DigibitUK) have warned many times in our articles here that free VPNs are notorious for farming user data.
“VPNs are an excellent and highly recommended way of ensuring your security, especially when you’re on a public Wi-Fi network or operating remotely from your home or office, but you need to use a more secure VPN,”
“This is kind of like car insurance, you need to pay for your VPN, it should be a small subscription fee each month.”
“For VPNs to become unsecure by someone being able to access their information at the other end, it ruins the whole purpose of a VPN.”
One little takeaway from our CEO here at DigibitVPN – “If you’re not the customer, you are the product. Please consider other options for your privacy online. This is an important time for users. With everything happening in the world, the volume of discussion around privacy is increasing daily & this is a good thing! But we have to manage this better as end users. As I say, please consider better options than free VPNs, even if that means not being with us! Privacy is key for anyone out there. This is our right & our fight.”
The DigibitVPN & DigibitUK Team