New reports claim that millions of user information from an unprotected database of seven VPN providers were reportedly leaked.
All seven VPN providers are based in Hong Kong and are believed to share a single database. These VPN tools are some of the most popular in the world. What is worrisome is that these firms claim that they are not collecting any user logs.
Comparitech first discovered the issue. It appears that the VPN providers are using a cluster called Elasticsearch. This cluster contains sensitive user data, including IP address, login information, and connection timestamps.
The researchers discovered that the cluster is completely unprotected from remote access. The entire database holds a staggering 1.2TB of information from the seven providers.
"The exposed VPNs are UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN. " –> stop using any of these products. https://t.co/YFuvv6BYhb
— lokman tsui 😷 (@lokmantsui) July 16, 2020
Initially, the researcher thought that only UFO VPN uses the database. However, a closer inspection by a different group of researchers revealed that seven providers use it. The researchers said that this is part of a white-labeling arrangement among the seven providers.
The seven compromised providers are UFO, Rabbit, Secure, Flash, Super, Free, and FAST VPNs. All providers are based in Hong Kong but provide services across the world.
Since the database the providers use is completely unprotected, it was only a matter of time until someone discovers it. This recent breach opens up a lot of questions for VPN users around the world. These services usually sell their products based on anonymity, security, and privacy.
The recent leak proves that these service providers do not necessarily abide by their own rules. Most importantly, the policy of not storing user data appears to be a big scam for many users.
What is even more alarming is the fact that these companies operate in Hong Kong. The city-state is currently at the center of political turmoil with China. Recently, China imposed new security laws that might jeopardize user privacy and data security.
With these new restrictions in place, people in Hong Kong use VPN services to hide their online activities. Not necessarily because they have something illegal, but they want to maintain a certain level of privacy.
This recent breach is a big blow to the VPN industry. An industry that promises privacy to its users broke the very same rule they aim to protect.
Image courtesy of igorstevanovic/Shutterstock