Breaking News Today

More than 20 million VPN users warned of massive data breach

vpnMentor cybersecurity researchers provided 9News with a report claiming they found an unsecured server.

It's estimated around one billion online records have been exposed in a massive data breach, potentially affecting more than 20 million users of free Virtual Private Network (VPN) apps.

vpnMentor cybersecurity researchers claim they found an unsecured server shared by several VPNs - software designed to protect users' privacy by hiding their identities.

In a report provided to 9News, the researchers say the server was "completely open and accessible, exposing private user data for everyone to see".

It's claimed affected apps include UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN.

Lead researcher Noam Rotem said his team found entries within the exposed database that contained personal details about users, such as email addresses, home addresses, clear text passwords, IP addresses and other identifying information.

"The lack of basic security measures in an essential part of a cybersecurity product is not just shocking," he said.

"It also shows a total disregard for standard VPN practices that put their users at risk."

Some of the VPNs also offer premium services for a fee - the researchers claim they were also able to view logs of people subscribing to them with some payment information.

9News has viewed screengrabs of redacted registration logs - including one belonging to a user based in Australia.

It appears the apps on the exposed server share a common Hong Kong-based owner and developer.

Spokespeople for UFO VPN and Fast VPN issued nearly identical statements to 9News.

"Due to personnel changes caused by COVID-19, we've not found bugs in server firewall rules immediately, which will lead to the potential risk of being hacked. And now it has been fixed," the statements read.

The companies also claimed they didn't collect all the types of data that the researchers say they found.

Mobipotato - the company representing FastVPN - confirmed the server was at risk from June 29 to July 13.

The other companies did not respond to 9News' requests for comment, and the contact email provided for RabbitVPN bounced back.

Technology expert Trevor Long said internet users should avoid free VPN services.

"VPNs are an excellent and highly recommended way of ensuring your security especially when you're on a public Wi-Fi network or operating remotely from your home or office, but you need to trust a bigger VPN company," he said.

"This is kind of like car insurance, you need to pay for your VPN, it should be a small subscription fee each month.

"For VPNs to become unsecure by someone being able to access their information at the other end, it ruins the whole purpose of a VPN."

Source: 9News
