Exposed Data From 21 Million VPN Mobile Users

Exposed Data From 21 Million VPN Mobile Users

The data and credentials from 21 million mobile VPN users were found for sale last week in an internet forum. A cyber thief posted the credentials for sale after he allegedly stole the users’ data from mobile VPN Android apps. The data stolen had the users’ emails, full names, usernames, randomly generated password, country of origin, payment information, and even their device IDs.

The involved VPN apps were SuperVPN, GeckoVPN, and ChatVPN – SuperVPN has more than 100 million downloads, GeckoVPN around one million installations and ChatVPN around 50,000 downloads on Google Play, and they are still available to be downloaded and installed. The app’s developers have not yet confirmed the attack, but this is the biggest VPN privacy attack ever registered, a tool created to improve privacy.

The Benefits of Using VPN

The data leak was considered a disaster by cybersecurity specialists as VPN is a service that users’ trust in order to guarantee their privacy online.

VPN (Virtual Private Network) is a service that allows users to encrypt their data and keep their activity online really private – it can be used on domestic connections and even on public Wi-Fi. The VPN keeps the web browsing private and anonymous so no one can track your data, hackers, or even the government.

Some people use VPNs to access content from other countries or geoblocked websites, especially live streams or stream services, as it can change the IP address to appear that the user in another country and bypass the geoblock.

Using a good VPN can open a world of possibilities for anyone, and it should be one of the most trusted services and tools. That’s why this leak was considered a disaster, as the VPN providers should be protecting the credentials and information from their users’ and not be so susceptible to hacker attacks.

Concerns About the VPN Apps

Concerns about VPN usage were raised as soon as the data got leaked and was found for sale on forums, but the question about how this could happen was answered by the alleged hacker. According to him, the VPN apps were not the problem themselves, but the lack of security measures when it comes to the users’ credentials as the majority of them did not change their default password.

This mistake can be done by anyone, but a VPN provider should have a way to keep that default password safe. This way, the hacker could access the three databases easily as they were publicly available.

As CyberNews reported, “the data was taken from publicly available databases that were left vulnerable by the VPN providers due to developers leaving default database credentials in use.”

But the main concern right now is that if the amount of data that was hacked and is now being sold online are actually correct it means that those VPN providers are accessing more information than the ones described on their Privacy Policies.

Choosing the Right VPN Provider

But this exposed data should not scare away those looking for a good VPN provider – this service is still important to encrypt the users’ internet traffic and keep their privacy when it comes to online activity. The first thing is to ensure that the VPN is not logging the online activity from their users’ or is collecting their data.

Although the apps mentioned above are not acting as their privacy policy says, it’s important to read the privacy policy of the VPN before using it to see how they approach possible issues.

A key factor to ensure that the VPN provider is good is by reading trusted reviews done by third-party websites and specialists. It was found that the issues mentioned on the three apps involved in the attack were actually spotted by specialists a few months before.

And most important, check if the VPN provider has a customer support area dedicated to their users and that is fast to contact. This way, any possible issues can be solved and the company is available to be contacted.

By Gary Bernstein

Martin Mendelsohn

Of Rogues, Fear and Chicanery: The Colonial Pipeline Dilemma and CISO/CSO Priorities

The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
Brian Rue

What’s Holding DevOps Back

What’s Holding DevOps Back And How Developers and Businesses Can Vault Forward to Improve and Succeed Developers spend a lot of valuable time – sometimes after being woken up in the middle of the night ...
Doug Hazelman Cloudberry

Managing an Increasingly Complex IT Environment

Managing Complex IT Environments The hybrid work model is here to stay—at least for the time being. That’s how things feel in these still uncertain times. This new way of work that has evolved from ...
James Crowley

Does Open-Source Software Hold the Key to Data Security?

Open-Source Software Data Security Whether you realize it or not, open-source software is everywhere in our everyday tech, from mobile phones to air travel, from streaming Netflix to space exploration. Open-source software has played a ...
Fernando Castanheira

How the Shift to Hybrid Work Will Impact Digital Transformations

The Shift to Hybrid Work Before COVID-19, most enterprises had a digital transformation in flight, but the pandemic threw those programs into hyperdrive. Scrambling to accommodate workforces that were suddenly working online and mostly from ...

CLOUD MONITORING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Opsview

    Opsview

    Opsview is a global privately held IT Systems Management software company whose core product, Opsview Enterprise was released in 2009. The company has offices in the UK and USA, boasting some 35,000 corporate clients. Their prominent clients include Cisco, MIT, Allianz, NewVoiceMedia, Active Network, and University of Surrey.

  • Nagios

    Nagios

    Nagios is one of the leading vendors of IT monitoring and management tools offering cloud monitoring capabilities for AWS, EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). Their products include infrastructure, server, and network monitoring solutions like Nagios XI, Nagios Log Server, and Nagios Network Analyzer.

  • Datadog

    DataDog

    DataDog is a startup based out of New York which secured $31 Million in series C funding. They are quickly making a name for themselves and have a truly impressive client list with the likes of Adobe, Salesforce, HP, Facebook and many others.

  • Sematext Logo

    Sematext

    Sematext bridges the gap between performance monitoring, real user monitoring, transaction tracing, and logs. Sematext all-in-one monitoring platform gives businesses full-stack visibility by exposing logs, metrics, and traces through a single Cloud or On-Premise solution. Sematext helps smart DevOps teams move faster.