7 free VPN apps leaked the personal data of over 20 million VPN users
Topics: VPN LEAK
The massive data leak was discovered by security researchers at vpnMentor who noted that the shared server, that hosted data collected by the free VPN apps, stored over 1.2TB of data that included 1,083,997,361 data records including email addresses, clear text passwords, IP addresses, home addresses, phone models, device ID, and other technical information belonging to over 20 million users worldwide who used these apps.
These free VPN apps, namely UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN, claimed that they were “no-log” VPNs and did not store any user data but researchers found that their shared server contained detailed internet activity logs of millions of users.
The apps also boasted militarygrade security but their shared server also contained unencrypted plain text passwords.
To verify the authenticity of data stored in the shared server, the researchers downloaded a UFO VPN app to a phone and then used the app to connect to servers around the world. As soon as they did so, they found new activity logs in the Elasticsearch database that contained an email address, location, IP address, and other information about the device that was used to download and run the app. ■