Seven Hong Kong VPN providers accused of exposing private user data

Flash VPN, UFO VPN, and five other services leaked 1.2TB of private information. Only one has been pulled from the Play Store.

The exposed details include personally identifiable information such as email addresses, home addresses, clear-text passwords, IP addresses, etc.

"A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see", the report said.

The exposed records included plain-text passwords, VPN session secrets, IP addresses, connection timestamps, geo-tags, and device and OS characteristics.

Comparitech's latest report and an extended investigation from VPNMentor suggest that seven VPNs that claim a zero-log policy on their sites have leaked 1.2 TB of user data.

That won't be an issue for anyone using a VPN service from the UK, US or other countries.

According to the research, the exposed server appears to belong to one main company, which runs the seven VPN services under different brand names. "It also preserved that the logs were being only utilised for overall performance checking and have been supposedly anonymized".

The report also stated that the leak must have affected the data of all paid and free users, which takes the number to 20 million.

UFOVPN did not secure the user data when Comparitech first informed it of the leak; it did so only after VPNMentor's team reached out to it.

"Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it". One study found that VPN use quadrupled between 2016 and 2018 as consumers rushed to protect data in the wake of scandals, breaches, and hacks. These so-called free VPN apps include UFOVPN, FreeVPN, SuperVPN, SecureVPN, FlashVPN, RabbitVPN, and FASTVPN.

The report further stated that the team found that the VPNs share an Elasticsearch server and have a single recipient for payments, Dreamfii HK Limited. Many of the applications whose data is online have more than a million downloads on Google Play and the App Store and a high user rating.

The incident underscores the problems with white label VPN services.

It is also especially unsafe for Hong Kong. Critics of the government use VPNs precisely to prevent China's surveillance and censorship.

Data leaks of such nature may hamper this.

All six VPNs together have reportedly leaked over 1TB of user information (1.2TB to be specific). However, the exposed server essentially gave anyone an easy way to monitor the activities of up to 20 million users.
