The list of VPN providers that you’ll definitely want to avoid has gotten bigger. VPN Mentor is reporting that a group of Hong Kong-based services, which include UFO VPN, Secure VPN, and Rabbit VPN, leaked personally identifiable data for as many as 20 million users! How sensitive was the information, you ask? Well, the data comprises complete activity logs to clear-text passwords and Bitcoin payment information. Needless to say, that’s a huge yikes.
Data Breach Summary
Apps | UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN |
Headquarters/Location | Hong Kong |
Industry | Cybersecurity |
Total size of data | 1.207 TB |
Total number of files | 1,083,997,361 records |
No. of people exposed | Over 20 million, based on user numbers claimed by the VPNs |
Geographical scope | Worldwide |
Types of data exposed | Activity logs, PII (names, emails, home address), cleartext passwords, Bitcoin payment information, support messages, personal device information, tech specs, account info, direct Paypal API links |
Potential impact | Fraud, doxing, blackmail, extortion, viral attack, and hacking, arrest, and persecution |
Data storage format | ElasticSearch Server |
And here are some of the brands that the VPNs are marketed under. You may want to avoid these at all costs.
- UFO VPN – “Super private & unlimited fast VPN for Android. Hide IP, unblock sites from 360.”
- Google Play Store: Rating 4.5 stars, 10M+ downloads
- Apple App Store: 4.8 stars
- Developer: Dreamfii HK Limited, Hong Kong
- FAST VPN – “100% Free VPN for gaming: access websites, apps and mobile games unlimited”
- Google Play Store: Rating 4.5 stars, 1M+ downloads
- Apple App Store: Rating 4.6 stars
- Developer: Mobipotato HK Limited, Hong Kong
- FREE VPN – “The best free VPN tunnel for android to unblock content. Feel the outer space!”
- Google Play Store: Rating 4.5 stars, 100k+ downloads
- Apple App Store: Rating 4.6 stars
- Developer: Starxmobi HK Ltd, Hong Kong
- Super VPN – “Super VPN is the best unlimited VPN proxy for android.”
- Google Play Store: 4.6 stars, 1M+ downloads
- Apple App Store: 4.9 stars
- Developer: Nownetmobi, Hong Kong
Logged Web Activity and Technical Details
- Connection logs, traffic, and sites visited
- Origin IP addresses
- Internet Service Provider (ISP)
- Actual location
- Device type
- Device ID
- App version
- Phone models
- User network connection
Amusingly, here’s what UFO states in its privacy policy: “We do not track user activities outside of our site, nor do we track the website browsing or connection activities of users who are using our Services.” So much for that!