Exposed Data From 21 Million VPN Mobile Users

Exposed Data From 21 Million VPN Mobile Users

The data and credentials from 21 million mobile VPN users were found for sale last week in an internet forum. A cyber thief posted the credentials for sale after he allegedly stole the users’ data from mobile VPN Android apps. The data stolen had the users’ emails, full names, usernames, randomly generated password, country of origin, payment information, and even their device IDs.

The involved VPN apps were SuperVPN, GeckoVPN, and ChatVPN – SuperVPN has more than 100 million downloads, GeckoVPN around one million installations and ChatVPN around 50,000 downloads on Google Play, and they are still available to be downloaded and installed. The app’s developers have not yet confirmed the attack, but this is the biggest VPN privacy attack ever registered, a tool created to improve privacy.

The Benefits of Using VPN

The data leak was considered a disaster by cybersecurity specialists as VPN is a service that users’ trust in order to guarantee their privacy online.

VPN (Virtual Private Network) is a service that allows users to encrypt their data and keep their activity online really private – it can be used on domestic connections and even on public Wi-Fi. The VPN keeps the web browsing private and anonymous so no one can track your data, hackers, or even the government.

Some people use VPNs to access content from other countries or geoblocked websites, especially live streams or stream services, as it can change the IP address to appear that the user in another country and bypass the geoblock.

Using a good VPN can open a world of possibilities for anyone, and it should be one of the most trusted services and tools. That’s why this leak was considered a disaster, as the VPN providers should be protecting the credentials and information from their users’ and not be so susceptible to hacker attacks.

Concerns About the VPN Apps

Concerns about VPN usage were raised as soon as the data got leaked and was found for sale on forums, but the question about how this could happen was answered by the alleged hacker. According to him, the VPN apps were not the problem themselves, but the lack of security measures when it comes to the users’ credentials as the majority of them did not change their default password.

This mistake can be done by anyone, but a VPN provider should have a way to keep that default password safe. This way, the hacker could access the three databases easily as they were publicly available.

As CyberNews reported, “the data was taken from publicly available databases that were left vulnerable by the VPN providers due to developers leaving default database credentials in use.”

But the main concern right now is that if the amount of data that was hacked and is now being sold online are actually correct it means that those VPN providers are accessing more information than the ones described on their Privacy Policies.

Choosing the Right VPN Provider

But this exposed data should not scare away those looking for a good VPN provider – this service is still important to encrypt the users’ internet traffic and keep their privacy when it comes to online activity. The first thing is to ensure that the VPN is not logging the online activity from their users’ or is collecting their data.

Although the apps mentioned above are not acting as their privacy policy says, it’s important to read the privacy policy of the VPN before using it to see how they approach possible issues.

A key factor to ensure that the VPN provider is good is by reading trusted reviews done by third-party websites and specialists. It was found that the issues mentioned on the three apps involved in the attack were actually spotted by specialists a few months before.

And most important, check if the VPN provider has a customer support area dedicated to their users and that is fast to contact. This way, any possible issues can be solved and the company is available to be contacted.

By Gary Bernstein

Anita Raj

The Criticality of Data Governance in a Multi-cloud Environment

The Criticality of Data Governance Multi-cloud has emerged as an enterprise favorite in almost no time.  In fact, Security Boulevard  makes a reference to a Forrester Research Report which confirms that almost 86 percent of ...
Kayla Matthews

7 Technology Trends to Look for in 2020

Leading Tech Trends 2020 Cloud computing has become the norm. As of 2019, 94% of IT professionals were using the cloud in some form or another. This widespread adoption means that although it was once a ...
Johan

Why the digital infrastructure is a matter of national interest!

Digital Infrastructure National Interest When the Internet was born, it promised a form of democracy and guarantee that everybody could be part and setup their company to contribute and make the Internet better. Today - ...
Kyle Bernard Author

FlightHub and JustFly on Facial Recognition Technology, Travel and Privacy

Facial Recognition Technology For years facial recognition technology only existed in science books, television and cinema. The idea was brilliant. However, real-world technology hadn’t yet caught up with the concept. That’s changed in recent years ...
Future Fintech

What’s the cloud forecast for 2020?

Tech Agnosticism In 2019, we saw how cloud computing transformed the way data is managed, the way applications are developed and deployed, and also the way IT teams operate. Organizations are starting to experience the ...
Bigcommerce

Magento 1 Is Nearing Its End – Is It Time To Migrate To BigCommerce?

Time To Migrate To BigCommerce? Nearly three years ago, Magento declared that they would be ending support for their Magento 1 software. All versions of Magento from 1.1 – 1.9 would then work without maintenance, ...