Technology
Seven VPN Services Like UFO VPN, Rabbit VPN, Quick VPN Leaked More than 1.2 TB Private User Data: Report
Virtual Private Network or VPN services like UFO VPN, Rabbit VPN, Free VPN and four more were found to have leaked more than 1 TB of private user information, as revealed in a recent study. A study reported that without a password or authentication, such VPNs revealed a database of user logs and API access information. A separate study noted that UFO VPN was only one of the providers of VPN services that was leaking private information.
Comparitech found at the beginning of July that the Hong Kong-based VPN provider UFO VPN had exposed personal user information such as plain text passwords, VPN session secrets, IP addresses, connection timestamps, geo-tags, and device and OS features.
The organization was told of the same, and it officially resolved the problem more than two weeks later, claiming that no details had been leaked. The leak affects both free and paying clients, and is reportedly theoretically impacted by all users of the internet, bringing the total to 20 million users. This is 894 GB of data leaked.
Following this discovery, vpnMentor found that UFO VPN was not the only one and six others that appeared to be connected to a common developer of apps, and that white labels were found to do the same for other companies. This includes Fast VPN, Free VPN, Super VPN, Secure VPN, Flash VPN, and Rabbit VPN.
Notably, both of these applications say that they do not record any original IP address or user behavior for users. A total of 1.2 TB of data was classified as leaked.
The good news is that there was no interference in this study by the largest VPN firms that most people will use.
The vpnMentor team found that the VPNs share an Elasticssearch server, have a single payment recipient, Dreamfii HK Limited, and share a lot of the assets. They reached out to the various VPN services involved and although some of them did not respond, others confirmed that the issue had been resolved after several days. Most of these VPN apps also appear in Google Play store.
Potential impact of data leak
This data leak may result in phishing and fraud, blackmail, viral attack, hacking, doxing, and other cybercrime forms. The leak could have revealed more than 20 million people worldwide. Users are advised to switch to a more secure VPN service provider or change their passwords.
