Free VPN Data Breach: 360 Million User Records Exposed
In a recent discovery, cybersecurity researcher Jeremiah Fowler uncovered a significant VPN data breach involving a non-password-protected database. The exposed database contained over 360 million records that included email addresses, device information, and references to visited websites. The majority of the records were associated with SuperVPN, a free VPN application available on both Apple and Google app stores. Fowler reported the exposure and attempted to contact the developers, but received no response.
The leaked records revealed sensitive information, such as user email addresses, original IP addresses, geolocation data, server usage records, secret keys, unique app user ID numbers, and UUID numbers. The database also contained details about refund requests and paid-account information, indicating that the VPN offered paid subscriptions after a free trial. The records contained references to other VPN providers, namely Storm VPN, Luna VPN, Radar VPN, Rocket VPN, and Ghost VPN, suggesting a potential connection between these services.
The ownership of the database remains unclear, but indications point to Qingdao Leyou Hudong Network Technology Co. as the owner. SuperVPN for iOS, iPad, and macOS is credited to Qingdao Leyou Hudong Network Technology Co., while the second app with the same name is developed by SuperSoft Tech. Notably, the two companies' logos are similar. However, neither company provides sufficient information about its ownership or location on its website, raising concerns about transparency and security.
This incident serves as a wake-up call for VPN users, emphasizing the importance of choosing a trustworthy and reputable VPN service to ensure privacy and security. VPN data breaches can expose sensitive user data, compromising login credentials, email addresses, browsing history, IP addresses, and other personal information. Users should select VPN providers that use strong encryption methods, have transparent privacy policies, and regularly update their security protocols.
The article also highlights potential risks associated with VPN services based in China due to strict government regulations on internet usage and content control. Although VPNs are used in China to access restricted content and protect online privacy, they are subject to government monitoring and enforcement actions. Users of China-based VPN services should exercise caution and choose reputable providers.
To avoid potential data breaches and privacy risks, users should be cautious when selecting free VPN services. Red flags to consider include unclear data collection policies, lack of information about the company or developers, absence of DNS-leak protection, and weak encryption methods. Reading user reviews and conducting thorough research can help in making an informed decision about a VPN service.
It is important to note that the article presents factual findings without implying any wrongdoing by the developers of SuperVPN or other listed services. The aim is to raise awareness of cybersecurity issues and data privacy concerns. Users are advised to exercise due diligence, read terms of service and privacy policies, and understand the agreements of any service they choose to use.