1.2TB user data leaked by UFO VPN, Super VPN, Flash VPN and more: Report
Seven popular VPN services have reportedly leaked around 1.2TB user data containing sensitive information.
VPN services may not be as secure as they claim to be. This was found true for eight popular VPN services which have reportedly leaked a mammoth 1.2TB of user data. These VPN apps are still available on the Google Play Store with only one removed so far.
Around 894GB of user data and information from UFO VPN has been exposed on the internet. This was discovered by Comparitech who revealed that the information contains details like account passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and even the operating system of the devices. And all this information was available in plain text. UFO VPN service is based in Hong Kong, and it has over 10 million installs on Play Store.
According to Comparitech, over 20 million user entries are added in the logs daily. The VPN service provider was also informed of the data leak but denied such claims. UFO VPN said that the user logs are kept for traffic monitoring and that all of it is anonymised.
It was later discovered that there are seven more Hong Kong-based VPN services that have around 1.2TB of user data floating online. The list includes FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN and UFO VPN as well. Discovered by VPNmentor, it was found that all these VPN services share a common Elasticsearch server and also the same recipient for payments, Dreamfii HK Limited.
The data exposed from these VPN services contain sensitive information like home addresses, Bitcoin and PayPal payment details, email addresses and passwords, user’s names and more. Dreamfii HK is expected to be the parent company for all these VPN services. As of now, these VPN apps are still available on the Play Store, and only Rabbit VPN has been removed.