“No-Log” VPN Providers Leak 1.2 TB of Activity Logs and Other User Information

Image: Gem Fortune (Pexels)

The list of VPN providers that you’ll definitely want to avoid has gotten bigger. VPN Mentor is reporting that a group of Hong Kong-based services, which include UFO VPN, Secure VPN, and Rabbit VPN, leaked personally identifiable data for as many as 20 million users! How sensitive was the information, you ask? Well, the data comprises complete activity logs to clear-text passwords and Bitcoin payment information. Needless to say, that’s a huge yikes.

Data Breach Summary

AppsUFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN
Headquarters/LocationHong Kong
Total size of data 1.207 TB
Total number of files1,083,997,361 records
No. of people exposedOver 20 million, based on user numbers claimed by the VPNs
Geographical scopeWorldwide
Types of data exposedActivity logs, PII (names, emails, home address), cleartext passwords, Bitcoin payment information, support messages, personal device information, tech specs, account info, direct Paypal API links
Potential impactFraud, doxing, blackmail, extortion, viral attack, and hacking, arrest, and persecution
Data storage formatElasticSearch Server

And here are some of the brands that the VPNs are marketed under. You may want to avoid these at all costs.

  • UFO VPN – “Super private & unlimited fast VPN for Android. Hide IP, unblock sites from 360.”
    • Google Play Store: Rating 4.5 stars, 10M+ downloads
    • Apple App Store: 4.8 stars
    • Developer: Dreamfii HK Limited, Hong Kong
  • FAST VPN – “100% Free VPN for gaming: access websites, apps and mobile games unlimited”
    • Google Play Store: Rating 4.5 stars, 1M+ downloads
    • Apple App Store: Rating 4.6 stars
    • Developer: Mobipotato HK Limited, Hong Kong
  • FREE VPN – “The best free VPN tunnel for android to unblock content. Feel the outer space!”
    • Google Play Store: Rating 4.5 stars, 100k+ downloads
    • Apple App Store: Rating 4.6 stars
    • Developer: Starxmobi HK Ltd, Hong Kong
  • Super VPN – “Super VPN is the best unlimited VPN proxy for android.”
    • Google Play Store: 4.6 stars, 1M+ downloads
    • Apple App Store: 4.9 stars
    • Developer: Nownetmobi, Hong Kong

Logged Web Activity and Technical Details

  • Connection logs, traffic, and sites visited
  • Origin IP addresses
  • Internet Service Provider (ISP)
  • Actual location
  • Device type
  • Device ID
  • App version
  • Phone models
  • User network connection

Amusingly, here’s what UFO states in its privacy policy: “We do not track user activities outside of our site, nor do we track the website browsing or connection activities of users who are using our Services.” So much for that!

Recent News