“No-Log” VPN Providers Leak 1.2 TB of Activity Logs and Other User Information

The list of VPN providers that you’ll definitely want to avoid has gotten bigger. VPN Mentor is reporting that a group of Hong Kong-based services, which include UFO VPN, Secure VPN, and Rabbit VPN, leaked personally identifiable data for as many as 20 million users! How sensitive was the information, you ask? Well, the data comprises complete activity logs to clear-text passwords and Bitcoin payment information. Needless to say, that’s a huge yikes.

Data Breach Summary

And here are some of the brands that the VPNs are marketed under. You may want to avoid these at all costs.

• UFO VPN – “Super private & unlimited fast VPN for Android. Hide IP, unblock sites from 360.”
  • Google Play Store: Rating 4.5 stars, 10M+ downloads
  • Apple App Store: 4.8 stars
  • Developer: Dreamfii HK Limited, Hong Kong

• FAST VPN – “100% Free VPN for gaming: access websites, apps and mobile games unlimited”
  • Google Play Store: Rating 4.5 stars, 1M+ downloads
  • Apple App Store: Rating 4.6 stars
  • Developer: Mobipotato HK Limited, Hong Kong

• FREE VPN – “The best free VPN tunnel for android to unblock content. Feel the outer space!”
  • Google Play Store: Rating 4.5 stars, 100k+ downloads
  • Apple App Store: Rating 4.6 stars
  • Developer: Starxmobi HK Ltd, Hong Kong

• Super VPN – “Super VPN is the best unlimited VPN proxy for android.”
  • Google Play Store: 4.6 stars, 1M+ downloads
  • Apple App Store: 4.9 stars
  • Developer: Nownetmobi, Hong Kong

Logged Web Activity and Technical Details

• Connection logs, traffic, and sites visited
• Origin IP addresses
• Internet Service Provider (ISP)
• Actual location
• Device type
• Device ID
• App version
• Phone models
• User network connection

Amusingly, here’s what UFO states in its privacy policy: “We do not track user activities outside of our site, nor do we track the website browsing or connection activities of users who are using our Services.” So much for that!