Free VPN user data leaked in Telegram group

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

User data of a free VPN service has been leaked by hackers on a Telegram group.

The data breach contained information from i2VPN, and included customer confidential information, like admin email addresses and passwords.

Considering that i2VPN is a virtual private network both available on Google Play and App Store, the leak is thought to potentially impact at least half a million individuals. According to experts, the incident raises "concern about how VPN providers manage their own security/privacy."

i2VPN data breach

"The hackers shared the VPN service’s dashboard URL, admin credentials (email address and password) on an Arabic-speaking hacker channel together with the message 'حالا هی برید vpn های ناامن رایگان نصب کنید,' which, based on a web translation, reads as 'Now go install a free, unsecure VPN service'," reads the report from SafetyDetectives, the team of experts that first discovered the leak.

Together with the information, cybercriminals also shared screenshots of what it looks like to be in the backend of the VPN's admin dashboard. Some sensitive data is revealed here, including data centers and user subscription panels disclosing highly personal details like payment methods and expiry dates.

The breached data was posted on Telegram on May 29, 2023. It's unclear if these leaked VPN credentials have also been shared across further channels.

Developed by i2tek, i2VPN is described as a free VPN proxy server app and counts over 500 thousand downloads just on Google Play. Considering the VPN service is also available on Apple Store, researchers believe that over half a million individuals could be affected in some way.

Screenshot of i2VPN app page on Google Play store

i2VPN counts over 500,000 downloads on Google Play, meaning that the breach could potentially impact at least half a million individuals. (Image credit: Google Play)

The encrypted messaging app Telegram is a great way to keep communication private and anonymous. That's why, among users who genuinely seek to protect their privacy online, many bad actors also take advantage of such a platform to carry out shady activities.

In fact, it's a perfect platform for hackers to share data breaches and make information available to as many people as possible in no time. That's why experts at SafetyDetectives regularly scroll through Telegram groups and the dark web in the lookout of leaks and other suspicious activities.

"By reporting on these incidents, we’re able to inform potentially affected parties earlier so that they can act quickly to protect their data," said the researchers, adding that the report around i2VPN is meant to raise awareness about potential risks rather than confirming the breach. 

"The extent and duration of the claimed exposure and who might have accessed the data remain uncertain. Our intention in sharing this is not to alarm but to educate our readers about potential online vulnerabilities."

What's at stake for users?

Despite the extent of the actual damage to users remianing unknown, the i2VPN incident shows the need to be vigilant at all times when it comes to online security—even when we think we're being protected by an allegedly secure VPN or similar tool.

"This leak raises concern about how VPN service providers manage their own security/privacy, since exposed admin credentials can give ill-intentioned people access to users' personal information or find a backdoor to monitor users’ browsing activities and many other potential threats," a SafetyDetectives spokesperson told TechRadar.

Bad actors could use the breached information for carrying out phishing campaigns, too. Personal credentials might be also used for identity frauds and similar illegal activities. 

Experts suggest all i2VPN users try to enhance their overall online security, especially if they notice unusual activities. They might want to consider another service, or simply change their credentials. Running additional security software like antivirus, password managers and data leak detection apps for protecting from further threats is also recommended. 

"We encourage a proactive approach to online safety, ensuring the safeguarding of personal information wherever possible."

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com