Hong Kong VPN providers accused of exposing personal person facts

Ruben Fields
August 2, 2020

Almost 1.2TB worth of personal user information was leaked from seven Virtual Private Network (VPN) services. UFO VPN is available on Android (among other platforms), and has over 10 million installations on the Play Store. The information included plain-text account passwords, VPN session secrets/tokens, IP addresses of client devices and servers, the operating system being used, and more.

"Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it". As per various media reports, the amount of user data from 20 million users can go as high as 1.2 TB of data.

Each of these VPNs claims that their services are "no-log" VPNs, which means that they don't record any user activity on their respective apps.

UFO VPN wrote in its privacy policy that the VPN didn't track users' activities outside the site, and it did not "track the website browsing or connection activities of users who are using our Services".

The UFOVPN did not secure the user data despite Comparitech informed it first about the leaked data, until the UFOVPN was reached out by VpnMentor's team.

They include Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN.

Major League Baseball investigation says Marlins players went out, visited bars before coronavirus outbreak
Díaz consistently tested negative while the season was on hold, but he chose to become the first Miami player to opt out. The teams had hoped to resume play Saturday and make up Friday's game as part of a doubleheader Sunday.

One particular of the suppliers, UFO VPN, claimed that it couldn't lock down its information immediately because of to pandemic-associated staff members variations.

That won't be an issue for anyone using a VPN service from the UK, US or other countries.

Discovered by the research team at vpnMentor, the massive database of information was being exposed through an Elasticsearch server that had no security measures.

These scrutinies only imply that there are challenges with white label VPN products, including rebranding actions for services without having to stay with their promises.

It is also specially unsafe for Hong Kong.

Data leaks of such nature may hamper this. This combined has led to a breach worth 1.2TB user data. However, the exposed server essentially gave anyone an easy way to monitor the activities on up to 20 million users. While it's unclear how much of the info was made public, this could easily leave the VPN firms' customers scrambling to switch providers and change login details.

Other reports by

Discuss This Article