The data and credentials of 21 million mobile VPN users were found for sale last week on an internet forum. A cyber thief posted the credentials for sale after he allegedly stole the users’ data from mobile VPN Android apps. The stolen data included the users’ emails, full names, usernames, randomly generated passwords, country of origin, payment information, and even their device IDs.
The VPN apps involved were SuperVPN, GeckoVPN, and ChatVPN. SuperVPN has more than 100 million downloads, GeckoVPN around one million installations, and ChatVPN around 50,000 downloads on Google Play, and they are still available to be downloaded and installed. The apps’ developers have not yet confirmed the attack, but this is the biggest privacy attack ever registered against VPNs, a tool created to improve privacy.
The Benefits of Using VPN
The data leak was considered a disaster by cybersecurity specialists, as a VPN is a service that users trust to guarantee their privacy online.
A VPN (Virtual Private Network) is a service that allows users to encrypt their data and keep their online activity really private – it can be used on domestic connections and even on public Wi-Fi. The VPN keeps web browsing private and anonymous so that no one, whether hackers or even the government, can track your data.
Some people use VPNs to access content from other countries or geoblocked websites, especially live streams or streaming services, as a VPN can change the IP address to make it appear that the user is in another country and so bypass the geoblock.
Using a good VPN can open a world of possibilities for anyone, and it should be one of the most trusted services and tools. That’s why this leak was considered a disaster: VPN providers should be protecting their users’ credentials and information and not be so susceptible to hacker attacks.
Concerns About the VPN Apps
Concerns about VPN usage were raised as soon as the data was leaked and found for sale on forums, but the question of how this could happen was answered by the alleged hacker. According to him, the VPN apps themselves were not the problem; the problem was the lack of security measures around the users’ credentials, as the majority of them did not change their default password.
This mistake can be made by anyone, but a VPN provider should have a way to keep that default password safe. This is how the hacker could access the three databases easily, as they were publicly available.
As CyberNews reported, “the data was taken from publicly available databases that were left vulnerable by the VPN providers due to developers leaving default database credentials in use.”
But the main concern right now is that, if the amount of data that was hacked and is now being sold online is actually correct, those VPN providers are accessing more information than what is described in their Privacy Policies.
Choosing the Right VPN Provider
But this exposed data should not scare away those looking for a good VPN provider – this service is still important for encrypting users’ internet traffic and keeping their online activity private. The first thing is to ensure that the VPN is not logging its users’ online activity or collecting their data.
A key way to ensure that the VPN provider is good is to read trusted reviews done by third-party websites and specialists. It was found that the issues mentioned in the three apps involved in the attack had actually been spotted by specialists a few months before.
And most importantly, check whether the VPN provider has a customer support area that is dedicated to its users and quick to reach. This way, any possible issues can be solved and the company is available to be contacted.
By Gary Bernstein
Gary has written for several publications over the last 20 years with his primary focus on technology. He has contributed to sites such as Forbes, Mashable, TechCrunch and several others.