Hong Kong VPN providers accused of exposing personal person facts

Flash VPN, UFO VPN, and five other services leaked 1.2TB of private information Only one has been pulled from the Play Store

This was found true for eight popular VPN services which have reportedly leaked a mammoth 1.2TB of user data. Most of these VPNs had over 10 million downloads on the Google Play Store and iOS App Store.

Earlier this month, Comparitech found that the Hong Kong-based VPN provider UFO VPN exposed personal user information.

They included plain text passwords, VPN session secrets, IP addresses, connection timestamps, geo-tags, and device and OS characteristics.

"Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it".

According to Comparitech, over 20 million user entries are added in the logs daily. Many VPN services register their business in countries where the data laws are favourable to privacy, meaning they won't be asked to turn over data from their servers. The UFO VPN team also stated that the VPN service keeps anonymized data logs to monitor traffic.


That won't be an issue for anyone using a VPN service from the UK, US or other countries. This amounts to 894GB of leaked data. The seven VPN providers claim that don't log original IP address or user activity. The VPN apps include UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN-most of which were used in Kashmir during the internet blockade.

A vpnMentor research team, led by Noam Rotem, a well-known white hat hacker and activist, uncovered the server and found Personally Identifiable Information (PII) data collected by these VPN apps has been leaked online. It is all too straightforward for some companies to rebrand solutions without getting held to account for their statements. If you're concerned about the privacy of your data, it may be better to stick to major brands.

Since the developers of these apps are headquartered in Hong Kong, the team had alerted HK's Computer Emergency Response Team (HKCERT) office.

Data leaks of such nature may hamper this. This increased the leaked data to a total of 1.2 TB.

Opening up, the database within the exposed server contained about one billion records from 20 million users, as researchers claimed. In the meantime, if you use one of the affected services, it's probably time to start changing passwords.

Related:

Comments

Latest news

Broad looks forward to Pakistan series after 500 Test wickets
In a recent development, England have named an unchanged squad from the West Indies game for the first test against Pakistan. England's Stuart Broad , center, celebrates with teammates after dismissing West Indies' John Campbell.

Commissioner Warns MLBPA of Shutdown if Virus Cannot Be Contained
The Marlins were hit with a virus outbreak in Philadelphia, and both Miami and the Phillies are sidelined for at least a week. The Baltimore Orioles and New York Yankees have also needed to change their schedules as part of the collateral damage.

Rivaldo Urges Coutinho To Consider Arsenal Move
Coutinho was ultimately deemed surplus to requirements ahead of the 2019-20 campaign, and Bayern snapped him up on a season-long loan.

Shkodran Mustafi to miss start of next season
But Bellerin could return to the starting XI against Chelsea at Wembley, or at least make the bench. Further assessments during the week identified a significant injury to the right hamstring.

SEC announces schedule changes for 2020 football season
The fan decision will vary from state-to-state across the country as government officials react to virus data in their regions. Ohio State has announced it will plan for 20% capacity for its 100,000-seat stadium this fall.

Other news