Seven VPN providers leak millions of user data

New reports claim that millions of user information from an unprotected database of seven VPN providers were reportedly leaked.

All seven VPN providers are based in Hong Kong and are believed to share a single database. These VPN tools are some of the most popular in the world. What is worrisome is that these firms claim that they are not collecting any user logs.

Unprotected database

Comparitech first discovered the issue. It appears that the VPN providers are using a cluster called Elasticsearch. This cluster contains sensitive user data, including IP address, login information, and connection timestamps.

The researchers discovered that the cluster is completely unprotected from remote access. The entire database holds a staggering 1.2TB of information from the seven providers.

Initially, the researcher thought that only UFO VPN uses the database. However, a closer inspection by a different group of researchers revealed that seven providers use it. The researchers said that this is part of a white-labeling arrangement among the seven providers.

The seven compromised providers are UFO, Rabbit, Secure, Flash, Super, Free, and FAST VPNs. All providers are based in Hong Kong but provide services across the world.

Data leak

Since the database the providers use is completely unprotected, it was only a matter of time until someone discovers it. This recent breach opens up a lot of questions for VPN users around the world. These services usually sell their products based on anonymity, security, and privacy.

The recent leak proves that these service providers do not necessarily abide by their own rules. Most importantly, the policy of not storing user data appears to be a big scam for many users.

In total, 1,083,997,361 logs were collected by the seven providers. This is despite the no-log policies that these companies put in their privacy policy.

What is even more alarming is the fact that these companies operate in Hong Kong. The city-state is currently at the center of political turmoil with China. Recently, China imposed new security laws that might jeopardize user privacy and data security.

With these new restrictions in place, people in Hong Kong use VPN services to hide their online activities. Not necessarily because they have something illegal, but they want to maintain a certain level of privacy.

This recent breach is a big blow to the VPN industry. An industry that promises privacy to its users broke the very same rule they aim to protect.

Image courtesy ofย igorstevanovic/Shutterstock

Micky is a news site and does not provide trading, investing, or other financial advice. By using this website, you affirm that you have read and agree to abide by our Terms and Conditions.
Micky readers - you can get a 10% discount on trading fees on FTX and Binance when you sign up using the links above.