Free VPN applications offering virtual private network services have exposed the private data of nearly 20 million users.
According to VPNMentor, 7 of these popular VPN apps have exposed millions of data because they left the server completely open to access, resulting in “exposing private user data.”
Leaked data includes visited websites, names, addresses, and unencrypted passwords.
Here’s the list of apps:
- UFO VPN
- FAST VPN
- Free VPN
- Super VPN
- Flash VPN
- Secure VPN
- Rabbit VPN
These apps shared the same developer — Hong Kong company Dreamfii and were promoted as ‘no-log’ VPNs that did not require login credentials. Thus, neither the login data was saved nor was any activity recorded, according to the developer. However, VPNMentor has found several instances of internet activity logs on their shared server.
In a statement, UFO VPN explains to Comparitech that no personal data would be collected. “All information gathered on this server is anonymous and should only be used to analyze network performance and user issues to improve service quality,” the company said.
VPNMentor and Comparitech contradict this statement. “Based on some sample data, we do not believe that this data is anonymous,” says Comparitech.
According to VPNMentor, the potential impact of this data breach includes hacking, online pursuit, fraud, extortion, etc. So you must check the reputation of a VPN before making use of it, as this system is often a hook for cybercriminals to steal sensitive data from unsuspecting victims.