45 Million VPN User Records Have Been Leaked
According to research by the security firm Comparitech, millions of users are at risk following a massive VPN data leak. User connection logs and account information from several free VPNs, including FreeVPN and DashVPN, were leaked and exposed on an unprotected server.
Comparitech’s head of security research came across the leaked database, which was freely available on the internet and had already been indexed by Google. That means anybody could find the leaked data with a simple Google search. The database contains over 300 million records with 45 million VPN users’ personal information, including email addresses, full names, and encrypted passwords.
Keep reading to learn:
- Should VPN Unlimited users be concerned?
- Which VPNs’ data was leaked, besides DashVPN and FreeVPN, and why them?
- What caused the leak?
- What can you do to protect yourself from data leaks in the future?
Should VPN Unlimited Users be Concerned?
Whenever a VPN data leak occurs, it’s natural for all VPN users to wonder if they, too, were affected. Well, VPN Unlimited users, worry not! Names, passwords, emails, payment info, and other data of VPN Unlimited users have NOT been leaked or exposed in this recent data leak, nor in any previous ones. VPN Unlimited has never leaked its users’ information, and we’re not going to stop this winning streak.
Which VPNs’ Data was Leaked?
Based on Comparitech’s report, this leak has exposed the data of several VPN apps belonging to ActMobile Networks Inc. The report claims that the firm operates the following VPNs:
- Dash VPN
- Dash Net Accelerated VPN
- VPN Pro
In reply to these claims, ActMobile Networks said that they do not maintain databases, and so the findings were false. Furthermore, they threatened to “take action” if Comparitech were to write about them. This was a somewhat shady response, if only because several clues, such as the exposed servers’ SSL certificates and user labels, refer to ActMobile's assets.
Which Users of DashVPN and FreeVPN the Leak Affects
The leaked information is for the period from 2017 to 2021, so if you used those VPNs during the period, your data has likely been compromised. Also, it’s important to note that ActMobile themselves denied ownership of the data, claiming that they don’t maintain databases, despite the researcher’s findings.
The leaked information poses a serious cybersecurity risk to users of VPN Pro, Dash Net Accelerated VPN, FreeVPN, and DashVPN. The leak has exposed their personal information for anyone to use however they want. For instance, it could be used for account takeover, credential stuffing, or phishing attacks. Another possible malicious use is tracking the victims by their devices’ revealed IP addresses.
The Timeline of the Data Leak
- On October 6, 2021, search engines, such as Google, indexed the leaked database.
- On October 8, 2021, the head of cybersecurity research of Comparitech found the leaked database freely available online. He reported his findings to ActMobile, but the company did not respond via any of its communication channels (support, server administrators, domain registrants, etc.).
- On October 15, 2021, the database was shut down. This means that the information had been exposed for at least a week. This is a cybersecurity nightmare, as even just a few hours of the data being exposed would have meant that any hacker could download it for malicious purposes.
- Unsurprisingly, on November 1, 2021, the data appeared on hacker forums, rendering the leak impossible to contain.
What Data was Leaked?
- 45 million user records: last login dates, usernames, email addresses, encrypted passwords, full names
- 281 million user device info records: IP addresses, connection type (mobile or WiFi), country codes, accelerator ID, device and user ID
- 6 million purchase records: receipts and products purchased
- 4 million APN tokens: these are either used in Access Point Names or they are related to the Apple Push Notification service
Luckily, no payment information, such as credit cards, was leaked.
How to Protect Yourself from Data Leaks
This is not the first time an unreliable VPN has been found to have exposed its user database, nor is it likely to be the last. So any cybersecurity-conscious netizen should be asking the question: how do I protect myself from data leaks?
It’s actually not as difficult as you might think! First of all, anyone who values their privacy should choose a no-log VPN. A VPN that doesn’t store user activity logs, like VPN Unlimited, renders data breaches impossible - it simply doesn’t have anything to expose.
Next, make sure that your connection doesn’t leak your information. For this, we have several handy tools:
Finally, stay away from free VPNs. Establishing and maintaining a VPN network takes much time, money, and resources. Any free VPN will either offer insufficient security and performance or use alternative sources of income. This may range from common, albeit annoying, ads to more dubious things like data trading.