Hacker obtains data on thousands of VPN users

Hacker Typing
(Image credit: Shutterstock)

A hacker has managed to steal the entire contents of a VPN provider's website server and they are currently in the process of trying to sell thousands of user records on a popular hacker forum.

As reported by the privacy-focused review site PrivacySharks, the no-logs VPN service LimeVPN has fallen victim to a massive data breach that puts more than 69,000 users of its service at risk.  A hacker who goes by the handle 'slashx' recently posted on RaidForums advertising the fact that they had obtained LimeVPN's entire database and wanted to sell it for $400 in Bitcoin. 

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

PrivacySharks then contacted slashx to learn more about the breach and its researchers discovered that the scraped data from the VPN provider's website includes records from its WHMCS billing system as well as account details including usernames, email addresses and passwords.

The hacker also told PrivacySharks that they are in possession of the private keys of every LimeVPN user which means they can easily decrypt each user's traffic.

LimeVPN data breach

In order to gain new customers and retain their current customers, VPN providers must reassure users that their data will remain private and secure when using their services. In this instance though, LimeVPN's image is now in question as the company had its entire database scraped as the result of a security breach.

At the same time though, LimeVPN's no-logs policy will also likely face additional scrutiny because if the company didn't keep logs on its users, then why was a hacker able to obtain them from its site. This is why ExpressVPN, NordVPN and many of the other top VPN providers in the industry have undergone independent audits to backup the claims of their no logging policies.

Just as PrivacySharks reached out to LimeVPN for a comment on its recent data breach, so too did TechRadar Pro and we were also unsuccessful at getting in touch with someone from the company. Additionally, in the time since PrivacySharks published its blog post on the matter, LimeVPN's website went down and slashx is now selling the company's entire website backup at a much higher price.

While contacting LimeVPN may have been an option for the company's customers at the onset of the breach, PrivacySharks now recommends that users change their passwords, order a new credit card and consider investing in identity theft protection.

We'll likely hear more regarding this data breach once LimeVPN releases an official statement on the matter which could take some time as the company's site is still down at the time of writing.

Via PrivacySharks

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Representational image of data security
Travel data of almost 500,000 users exposed in Daytrip leak
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
Latest in VPN Privacy & Security
PrivadoVPN running on an iPhone during TechRadar&#039;s VPN tests
Why PrivadoVPN Free is still a stellar option for streaming
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar&#039;s VPN tests
Why PrivadoVPN Free is still the best free VPN for streaming
Homepage of CloudFlare website on the display of PC, url - CloudFlare.com.
"Network blocking is never going to be the solution" – Cloudflare slams anti-piracy tactics
Panels at RightsCon 2025 during a press briefing about the latest Access Now report of internet shutdowns
2024 was the worst year on record for internet freedoms – again
Vector illustration of the word Censored in a glitch distorted style
Google, Apple, and internet restriction – how Big Tech is making censorship "much worse" according to experts
Latest in News
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
An Nvidia GeForce RTX 4060 on a table with its retail packaging
Nvidia RTX 5060 GPU spotted in Acer gaming PC, suggesting rumors of imminent launch are correct – and that it’ll run with only 8GB of video RAM
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April
A close up of the limited edition vinyl turntable wrist watch from AndoAndoAndo
This limited-edition timepiece turns the iconic Technics SL-1200 turntable into a watch, and I want one