Google’s Massive Undersea Cable Connecting UK, US and Spain
The report stated that these VPNs exposed a database of user logs and API access records without a password or authentication. A separate report pointed out that UFO VPN was just one of the several VPN service providers that were leaking private information.
At the start of July, Comparitech found that Hong Kong-based VPN provider UFO VPN exposed personal user information like plain text passwords, VPN session secrets, IP addresses, connection timestamps, geo-tags, and device and OS characteristics. The company was informed about the same and more than two weeks later, it reportedly fixed the issue, stating that no information was leaked. The leak affects both free and paid customers and reportedly all users of the service are potentially affected, taking the number to 20 million users. This amounts to 894GB of leaked data.
Following this discovery, vpnMentor found that UFO VPN was not the only one and six others that were seemingly connected to a common app developer and white-labelled for other companies were found to be doing the same. These include Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN. Notably, all of these apps claim they do not log any user’s original IP address or user activity. It was found that a total of 1.2TB of data was leaked.
The good news is that the biggest VPN companies that most people probably use have not been implicated in this report.
The team at vpnMentor found that the VPNs share an Elasticssearch server, have a single recipient for payments, Dreamfii HK Limited, and share a lot of the assets.
The potential impact of data leak
This data leak could lead to phishing and fraud, blackmail, viral attack, hacking, doxing, and other forms of cybercrimes. Over 20 million people worldwide could have been exposed to this leak. Users are advised to change their passwords or to switch to a more secure VPN service provider.
It turns out that some of the VPN apps are incredibly popular too, with very good ratings on the Google Play Store and the Apple App Store. Super VPN developed by Hong Kong-based Nownetmobi has a rating of 4.6 stars on the Google Play Store and 4.9 stars on the Apple App Store. UFO VPN developed by Hong Kong-based Dreamfii HK Limited has clocked 4.5 stars on the Google Play Store and 4.8 stars on the Apple App Store.
The vpnMentor research team say they have reached out to all the VPN app developers who are listed here and also the Hong Kong’s Computer Emergency Response Team (HKCERT) with the details. While some of them did not respond, others stated after several days that the issue had been fixed.