![]() According to the report, the exposed data belonged to as many as 20 million users. ![]() Separate from the NordVPN breach, last July, seven VPN providers were found to have left 1.2 terabytes of private user data exposed online, according to a report published by the cybersecurity researchers at vpnMentor. NordVPN informed Malwarebytes that its customers' data was not affected, and that the breached server did not contain any user activity logs or any other information that could be linked to a particular user. The attacker gained access to the server-which had been active for about a month-by exploiting an insecure remote management system left by the data center provider NordVPN said it was unaware that such a system existed.” ‘One of the data centers in Finland we are renting our servers from was accessed with no authorization,’ said NordVPN spokesperson Laura Tyrell. “NordVPN told TechCrunch that one of its data centers was accessed in March 2018. In 2019, the popular VPN provider NordVPN confirmed to TechCrunch that it suffered a breach the year before. The unfortunate truth about the recent VPN app data leak is that this type of data mishap is nothing new. Following the forum post, the tech outlet CyberNews also discovered that the stolen data included device serial numbers, phone type and manufacturer information, device IDs, and device IMSI numbers.Īccording to CyberNews, the data was taken from “publicly available databases that were left vulnerable by the VPN providers due to developers leaving default database credentials in use.” Not more than one year later, that privacy policy has again been thrown into the spotlight with a data leak that calls into question just what types of information the app was actually collecting.Īccording to the thief who pilfered the information from SuperVPN, GeckoVPN, and ChatVPN, the data for sale includes email addresses, usernames, full names, country names, randomly generated password strings, payment-related data, and a user’s “Premium” status and the corresponding expiration date. Last April, a writer for Tom’s Guide found critical vulnerabilities in the app that so worried him that the review’s headline directed current users to: “ Delete it now.” And just one month later, a reviewer at TechRadarPro said that SuperVPN had a “worthless privacy policy” that was cobbled together from other companies’ privacy policies and which directly contradicted itself. According to Google Play’s count, ChatVPN has earned more than 50,000 installs, GeckoVPN has earned more than 10 million installs, and SuperVPN weighs in as one of the most popular free VPN apps for Android today, with more than 100 million installs to its name.ĭespite SuperVPN’s popularity, it is also one of the most harshly reviewed VPN apps for Android devices. The three apps vary wildly in popularity. In late February, a user on a popular hacking forum claimed that they’d stolen account information and credentials belonging to the users of three, separate VPNs apps available on the Google Play store for Android: SuperVPN, GeckoVPN, and ChatVPN. The data leak of SuperVPN, GeckoVPN, and ChatVPN In that data leak, not only did the VPN providers fail to live up to their words, but they also hoovered up additional data, including users’ email addresses, clear text passwords, IP addresses, home addresses, phone models, and device IDs.įor the average consumer, then, the privacy pitfalls begin to paint an all-too-familiar portrait: Users continue to feel alone when managing their online privacy, even when they rely on tools meant to enhance that privacy.Ĭybersecurity researcher Troy Hunt, who wrote about the recent data leak on Twitter, called the entire issue “a mess, and a timely reminder why trust in a VPN provider is so crucial.” He continued: “This level of logging isn't what anyone expects when using a service designed to *improve* privacy, not to mention the fact they then leaked all the data.” ![]() Two similar blunders have been revealed to the public since 2019, including one massive data leak that exposed several VPN apps’ empty promises to collect “no logs” of their users’ activity. ![]() The attacks, which have not been confirmed by the VPN developers, represent the most recent privacy broadsides against the VPN industry. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPN apps-SuperVPN, GeckoVPN, and ChatVPN. Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |