More than 1TB of sensitive user data has reportedly been leaked online from seven free Hong Kong VPN services that allegedly had no-log policies.
The online leak included connection logs, addresses, payment info, plain text passwords and website activity.
VPNs Leaking Data
Earlier this month, Comparitech found that the Hong Kong-based VPN provider UFO VPN exposed personal user information.
The exposed data included plain text passwords, VPN session secrets, IP addresses, connection timestamps, geo-tags, and device and OS characteristics.
So far, around 7 VPN providers have reportedly leaked over 1TB of private user information, which was left accessible without any password or authentication, according to a new report.
Once UFO VPN was informed about the leak, it reportedly fixed the issue.
UFO VPN also claimed that it couldn’t lock down its data quickly due to pandemic-related staff changes. It also maintained that the logs were only used for performance monitoring and were supposedly anonymized.
The leak affects both free and paid customers, and reportedly all users of the service are potentially affected, taking the number to 20 million users. This amounts to 894GB of leaked data.
6 Other VPNs Leaking Data
After Comparitech spotted UFO VPN leaking data, VPNMentor reported that UFO VPN wasn't the only service provider involved in data leaks.
It found 6 other VPN providers that had done the same.
They include Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN.
Apparently, all 7 of these VPNs, which were found to be doing the same, were connected to a common app developer and white-labeled for other companies.
All of the companies are ultimately white labels that rebranded a common provider’s service.
None of the Biggest VPN Companies Were Implicated
While sensitive user data from 7 free VPN providers was leaked and compromised, it was also reported that none of the biggest, most commonly used VPN companies were implicated in this leak.
Most of these VPN apps are still listed on the Google Play store.
The incident underscores the problems with white label VPN services. It’s all too easy for some companies to rebrand services without being held to account for their claims.
Thus, if you're concerned about the privacy of your data, it may be better to stick to major brands.
It’s also particularly dangerous for Hong Kong. Critics of the government use VPNs precisely to avoid China’s surveillance and censorship.
Data leaks of this nature may hamper that.
This data leak shouldn’t be taken lightly, as it may lead to numerous cases of phishing and fraud.
Over 20 million people worldwide could have been exposed to this leak. Users are advised to change their passwords or switch to a more secure VPN service provider.