Security breach in multiple VPNs causes data leak for millions of users
Cyber security in the news again after the massive Twitter hack the other day, with a security breach in several free VPNs that caused millions of users’ data to leak!
What is free is not always good for the security of your sensitive data and it is valid for a VPN provider.
A VPN allows you to surf the internet anonymously by using different IP addresses in place of your own so that you cannot be identified or tracked.
VpnMentor researchers therefore revealed a security flaw for free VPNs, UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN.
If you were using these free VPNs, your personal data was most likely stolen by hackers.
The site reveals that no less than 20 million users of these VPNs are affected by the leak of this personal data.
VpnMentor has therefore investigated this security flaw and first of all believes that all these free VPNs are the work of the same developer and that the various VPNs mentioned are white marks of the same VPN.
When examining a sample extracted from the database, vpnMentor indicates:
“It displays the package names for many VPN applications writing user data to the unsecured server. The package names all share a similar pattern.
Some of the VPN package names also appear in the app URLs on Google Play, while others may be for Windows or Mac versions of the same app.”
Regarding the most important point, that of the user data leak
These free VPNs claim not to record their users’ activity, vpnMentor has found activity logs on their servers which include names, email addresses, passwords, IP addresses, home addresses, phone models, IDs devices as well as Bitcoin transaction data!
A devastating finding for these free VPNs and which reminds us that it is better to pay a professional and serious VPN provider who will have a team of developers and security specialists to protect the data of its users.
A free service will not have the same financial means to strengthen the security of its service and protect itself from external attack, especially in the case of a VPN service that store a lot of personal information about its users.
Following this serious event concerning the security of these VPNs, the developer corrected the security flaw.
vpnMentor has verified in a second check that the data is secure again on the server.
These security vulnerabilities did not affect other VPNs like the industry heavyweights (CyberGhost. NordVPN, ExpressVPN, PureVPN, Surfshark, VyprVPN, HMA, ProtonVPN).
You must therefore be extra vigilant in choosing a serious VPN provider and avoid so-called free products which will not be able to guarantee the security of your personal data due to a business model based on free access precisely.
Even though large web companies like Twitter are also being hacked, a free platform significantly increases the risk of your data being hacked compared to a paid service that invests in security systems to protect its user databases.