Millions of VPN users have personal details stolen

artistic representation of a hacker
Image credit: Shutterstock (Image credit: Shutterstock)

The user databases of three popular Android VPN services have reportedly been hacked, with millions of user records now put up for sale online.

Databases purportedly from SuperVPN, GeckoVPN, and ChatVPN, together containing a total of twenty one million user records, apparently include sensitive details such as the user’s authentication credentials, according to new research from CyberNews.

If the leaked databases are genuine, what’s even more worrying about the leak is the amount of information that these services log about their users, despite claiming not to do so in their respective privacy policies.

Besides the authentication information, the databases also include email addresses, payment-related data along with the expiration date of the premium accounts. Reportedly, the threat actor is also offering to sort the data by country for potential buyers.

Pervasive data logging

The team of researchers at CyberNews saw snippets from the databases and reveal that the leak also contains information about the user’s devices, and argue that with the right know-how these can be exploited to launch man-in-the-middle (MITM) attacks on the unsuspecting users.

“We reached out to SuperVPN, GeckoVPN, and ChatVPN and asked the providers if they could confirm that the leak was genuine but we have received no responses at the time of writing this report,” the site said.

If one takes the word of the hacker on face value, the databases were publicly accessible and the companies didn’t even follow the basic security procedure of disabling the default database credentials. 

The news is bound to have serious industry-wide repercussions especially considering the fact that the targeted providers are some of the most popular VPN vendors.  

Via: CyberNews

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Latest in VPN Privacy & Security
A computer file surrounded by red laser beams
Cover your tracks: the risk of sending unencrypted files
Using an Amazon Fire Stick on a Smart TV
How to use a VPN with Fire Stick
Close up of PS5 DualSense controller leaning on a PS5
5 reasons your PS5 needs a VPN
Tor
What is Onion over VPN?
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar's VPN tests
Why PrivadoVPN Free is still the best free VPN for streaming
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over