Exposed Data From 21 Million VPN Mobile Users

Exposed Data From 21 Million VPN Mobile Users

The data and credentials from 21 million mobile VPN users were found for sale last week in an internet forum. A cyber thief posted the credentials for sale after he allegedly stole the users’ data from mobile VPN Android apps. The data stolen had the users’ emails, full names, usernames, randomly generated password, country of origin, payment information, and even their device IDs.

The involved VPN apps were SuperVPN, GeckoVPN, and ChatVPN – SuperVPN has more than 100 million downloads, GeckoVPN around one million installations and ChatVPN around 50,000 downloads on Google Play, and they are still available to be downloaded and installed. The app’s developers have not yet confirmed the attack, but this is the biggest VPN privacy attack ever registered, a tool created to improve privacy.

The Benefits of Using VPN

The data leak was considered a disaster by cybersecurity specialists as VPN is a service that users’ trust in order to guarantee their privacy online.

VPN (Virtual Private Network) is a service that allows users to encrypt their data and keep their activity online really private – it can be used on domestic connections and even on public Wi-Fi. The VPN keeps the web browsing private and anonymous so no one can track your data, hackers, or even the government.

Some people use VPNs to access content from other countries or geoblocked websites, especially live streams or stream services, as it can change the IP address to appear that the user in another country and bypass the geoblock.

Using a good VPN can open a world of possibilities for anyone, and it should be one of the most trusted services and tools. That’s why this leak was considered a disaster, as the VPN providers should be protecting the credentials and information from their users’ and not be so susceptible to hacker attacks.

Concerns About the VPN Apps

Concerns about VPN usage were raised as soon as the data got leaked and was found for sale on forums, but the question about how this could happen was answered by the alleged hacker. According to him, the VPN apps were not the problem themselves, but the lack of security measures when it comes to the users’ credentials as the majority of them did not change their default password.

This mistake can be done by anyone, but a VPN provider should have a way to keep that default password safe. This way, the hacker could access the three databases easily as they were publicly available.

As CyberNews reported, “the data was taken from publicly available databases that were left vulnerable by the VPN providers due to developers leaving default database credentials in use.”

But the main concern right now is that if the amount of data that was hacked and is now being sold online are actually correct it means that those VPN providers are accessing more information than the ones described on their Privacy Policies.

Choosing the Right VPN Provider

But this exposed data should not scare away those looking for a good VPN provider – this service is still important to encrypt the users’ internet traffic and keep their privacy when it comes to online activity. The first thing is to ensure that the VPN is not logging the online activity from their users’ or is collecting their data.

Although the apps mentioned above are not acting as their privacy policy says, it’s important to read the privacy policy of the VPN before using it to see how they approach possible issues.

A key factor to ensure that the VPN provider is good is by reading trusted reviews done by third-party websites and specialists. It was found that the issues mentioned on the three apps involved in the attack were actually spotted by specialists a few months before.

And most important, check if the VPN provider has a customer support area dedicated to their users and that is fast to contact. This way, any possible issues can be solved and the company is available to be contacted.

By Gary Bernstein

Disaster Recovery Plan.png
The Report.png
Answer To Everything.png
The Sticky Note.png
Jonathan Custance
IoT and cloud computing are on the increase High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017 when services were brought to a standstill for several ...
Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
Louis
Manufacturers’ Top Demands For Quality Software Competing on product quality has never been more urgent as rising raw material and component costs continue to squeeze manufacturers’ margins. At the same time, unpredictable supply chains make ...
Damian Ng
3 Cloud Modernization Challenges There’s no denying that migrating to the cloud unlocks multiple benefits for organizations looking to modernize their IT infrastructure. However, the journey to truly unlock the benefits of the cloud and ...
Gilad David Maayan
Cloud Security Posture Management Cloud Security Posture Management (CSPM) enables you to secure cloud data and resources. You can integrate CSPM into your development process, to ensure continuous visibility. CSPM is particularly beneficial for DevOps ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.