Exposed Data From 21 Million VPN Mobile Users

Exposed Data From 21 Million VPN Mobile Users

The data and credentials from 21 million mobile VPN users were found for sale last week in an internet forum. A cyber thief posted the credentials for sale after he allegedly stole the users’ data from mobile VPN Android apps. The data stolen had the users’ emails, full names, usernames, randomly generated password, country of origin, payment information, and even their device IDs.

The involved VPN apps were SuperVPN, GeckoVPN, and ChatVPN – SuperVPN has more than 100 million downloads, GeckoVPN around one million installations and ChatVPN around 50,000 downloads on Google Play, and they are still available to be downloaded and installed. The app’s developers have not yet confirmed the attack, but this is the biggest VPN privacy attack ever registered, a tool created to improve privacy.

The Benefits of Using VPN

The data leak was considered a disaster by cybersecurity specialists as VPN is a service that users’ trust in order to guarantee their privacy online.

VPN (Virtual Private Network) is a service that allows users to encrypt their data and keep their activity online really private – it can be used on domestic connections and even on public Wi-Fi. The VPN keeps the web browsing private and anonymous so no one can track your data, hackers, or even the government.

Some people use VPNs to access content from other countries or geoblocked websites, especially live streams or stream services, as it can change the IP address to appear that the user in another country and bypass the geoblock.

Using a good VPN can open a world of possibilities for anyone, and it should be one of the most trusted services and tools. That’s why this leak was considered a disaster, as the VPN providers should be protecting the credentials and information from their users’ and not be so susceptible to hacker attacks.

Concerns About the VPN Apps

Concerns about VPN usage were raised as soon as the data got leaked and was found for sale on forums, but the question about how this could happen was answered by the alleged hacker. According to him, the VPN apps were not the problem themselves, but the lack of security measures when it comes to the users’ credentials as the majority of them did not change their default password.

This mistake can be done by anyone, but a VPN provider should have a way to keep that default password safe. This way, the hacker could access the three databases easily as they were publicly available.

As CyberNews reported, “the data was taken from publicly available databases that were left vulnerable by the VPN providers due to developers leaving default database credentials in use.”

But the main concern right now is that if the amount of data that was hacked and is now being sold online are actually correct it means that those VPN providers are accessing more information than the ones described on their Privacy Policies.

Choosing the Right VPN Provider

But this exposed data should not scare away those looking for a good VPN provider – this service is still important to encrypt the users’ internet traffic and keep their privacy when it comes to online activity. The first thing is to ensure that the VPN is not logging the online activity from their users’ or is collecting their data.

Although the apps mentioned above are not acting as their privacy policy says, it’s important to read the privacy policy of the VPN before using it to see how they approach possible issues.

A key factor to ensure that the VPN provider is good is by reading trusted reviews done by third-party websites and specialists. It was found that the issues mentioned on the three apps involved in the attack were actually spotted by specialists a few months before.

And most important, check if the VPN provider has a customer support area dedicated to their users and that is fast to contact. This way, any possible issues can be solved and the company is available to be contacted.

By Gary Bernstein

There Are Still Opportunities For Service Providers

Opportunities For Service Providers Service providers (SPs) still have a golden, but short-lived opportunity to commercialize the $266.4 billion cloud services market before AWS and others call it “game over.” By being more agile, able to ...

How to Apply Website Accessibility in UX and How to Achieve Better User Experience

Design Tweaks: Apply Website Accessibility in UX In this current digital age, websites have become more complex because of the introduction of various aesthetic designs on a web page interface. It especially affects people with ...

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think. In his new book, author David Friend refers to the cloud as "bottomless," and disputes peoples' assessment that data is ...

From Y2K To NYC Parking Meters: Have We Learned Anything About Complacency In Cybersecurity?

Cybersecurity Complacency This past January – in what seems like a different world now – a story briefly hit the headlines and was seen as more of a quirk than a threat. It was soon ...

Episode 9: Taking a Deep Dive into WordPress for Small and Medium Business

Deep Diving Into WordPress WordPress. For a lot of people this name might initially conjure up a place for amateur bloggers, almost a hobbyist site. But nothing could be further from the truth. As an ...

Why the digital infrastructure is a matter of national interest!

Digital Infrastructure National Interest When the Internet was born, it promised a form of democracy and guarantee that everybody could be part and setup their company to contribute and make the Internet better. Today - ...