When the concerns of data storage and privacy breach are at an all-time high following the compromised Twitter accounts of famous personalities across the world, there is another breach of privacy and data localization that has not gone unnoticed.
Seven Hong Kong-based VPN providers that include UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Safe VPN, and Rabbit VPN, which appear to have as many as 20 million users worldwide have reportedly leaked their user data online. As per various media reports, the amount of user data from 20 million users can go as high as 1.2 TB of data.
A research team led by Noam Rotem vpnMentor discovered the server and found Personally Identifiable Information (PII) data obtained via these VPN apps were leaked online. Surprisingly enough, these VPN providers claim to provide “no-log” VPNs, indicating that they do not record any user activity on their network. That at least seems like their major selling point. This announcement comes just days after security researcher Bob Diachenko disclosed that as many as 894 GB worth of records were readily available for unauthorized access in an unsecured Elasticsearch cluster that belonged to UFO VPN.
The data exposed from these VPN services include personal information such as home addresses, payment details for Bitcoin and PayPal, e-mail addresses and passwords, usernames, and more. The parent company for all those VPN services is believed to be Dreamfii HK. Such VPN applications are still available in the Play Store as of now, and only Rabbit VPN has been dropped.
Companies whose functioning is based on data sharing and the internet rely on VPNs to provide a safe network where they can perform their tasks without having to worry about the breach of their privacy and secured networks. But, VPNs too, don’t seem to be too secure nowadays.