1.2TB user data leaked by UFO VPN, Super VPN, Flash VPN and more: Report

Seven popular VPN services have reportedly leaked around 1.2TB user data containing sensitive information.

By: HT TECH
| Updated on: Jul 20 2020, 09:57 IST
VPN services leaked user data.
VPN services leaked user data.

VPN services may not be as secure as they claim to be. This was found true for eight popular VPN services which have reportedly leaked a mammoth 1.2TB of user data. These VPN apps are still available on the Google Play Store with only one removed so far.

Around 894GB of user data and information from UFO VPN has been exposed on the internet. This was discovered by Comparitech who revealed that the information contains details like account passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and even the operating system of the devices. And all this information was available in plain text. UFO VPN service is based in Hong Kong, and it has over 10 million installs on Play Store.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

According to Comparitech, over 20 million user entries are added in the logs daily. The VPN service provider was also informed of the data leak but denied such claims. UFO VPN said that the user logs are kept for traffic monitoring and that all of it is anonymised.

Also read
Looking for a smartphone? To check mobile finder click here.

ALSO READ: Most VPN providers are moving servers from Hong Kong, but one is staying

It was later discovered that there are seven more Hong Kong-based VPN services that have around 1.2TB of user data floating online. The list includes FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN and UFO VPN as well. Discovered by VPNmentor, it was found that all these VPN services share a common Elasticsearch server and also the same recipient for payments, Dreamfii HK Limited.

The data exposed from these VPN services contain sensitive information like home addresses, Bitcoin and PayPal payment details, email addresses and passwords, user's names and more. Dreamfii HK is expected to be the parent company for all these VPN services. As of now, these VPN apps are still available on the Play Store, and only Rabbit VPN has been removed.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 20 Jul, 09:05 IST
Tags:
NEXT ARTICLE BEGINS