VPN (Virtual Private Network) is one of the most used services on the internet and is mostly used to access the websites of other regions that are generally not accessible. However, when someone uses these services, they give the app access to their IP address and other important and critical information. Recently, VPN services like UFO VPN, Rabbit VPN, Free VPN, and four other VPN services have been found to have leaked over 1TB of user information data. The information includes user logs, API access records without any authentication. The incident started from Hong-Kong based UFO VPN, where reports indicated that the company was involved in a data leak from the start of July.
The company already leaked the user’s personal information like plain text passwords, VPN session secrets, IP addresses, connection timestamps, geo-tags, and device and OS characteristics. Although the company did not release any statement about the leak immediately, they announced the same in the next couple of weeks. They stated that no information had been leaked, and the issue has been resolved. However, it was found that the user information of both the free and paid customers was already leaked, affecting over 20 million online users. Following UFO VPN, six other VPN services were also found doing the same thing. The revealing information about the problem was that all the six VPN applications were connected to a common developer.
These VPN services are Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN. Although these apps claim that they do not record any user information, they leaked around 1.2TB of user information. These kinds of data leaks are harmful to the user as they become open to threats like phishing and fraud, blackmail, viral attack, hacking, doxing, and other cybercrimes. With such a leak, the users need to switch to other VPN services, if they use any one of the mentioned services.