POST Online Media Lite Edition


7 free VPN apps leaked the personal data of over 20 million VPN users

Christian Fernsby |
Seven free VPN apps created by a Hong Kong-based developer were found leaking the personal data of over 20 million VPN users worldwide as their server was found to be completely open and accessible to third parties.

Article continues below

Topics: VPN    LEAK   

The massive data leak was discovered by security researchers at vpnMentor who noted that the shared server, that hosted data collected by the free VPN apps, stored over 1.2TB of data that included 1,083,997,361 data records including email addresses, clear text passwords, IP addresses, home addresses, phone models, device ID, and other technical information belonging to over 20 million users worldwide who used these apps.

These free VPN apps, namely UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN, claimed that they were “no-log” VPNs and did not store any user data but researchers found that their shared server contained detailed internet activity logs of millions of users.

The apps also boasted militarygrade security but their shared server also contained unencrypted plain text passwords.

To verify the authenticity of data stored in the shared server, the researchers downloaded a UFO VPN app to a phone and then used the app to connect to servers around the world. As soon as they did so, they found new activity logs in the Elasticsearch database that contained an email address, location, IP address, and other information about the device that was used to download and run the app.

What to read next

Freedom in the World 2019: US falls to level of Belize and Croatia
New Zealand defense force aims to be world's first smoke-free military
South Korea has most powerful passport in world