Report by Comparitech, around 894GB of user data and information has been leaked on the internet. The leaked information contained details like account passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and also the operating system of the device. concerns of data storage and privacy breach are at an all-time high following the compromised Twitter accounts of famous personalities across the world, there is another breach of privacy and data localization that has not gone unnoticed.
Seven Hong Kong-based VPN providers that include UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Safe VPN, and Rabbit VPN, which appear to have as many as 20 million users worldwide have reportedly leaked their user data online. The report explains, “If bad actors managed to get their hands on the data before it was secured, it could pose several risks to UFO VPN users.
The data exposed from these VPN services include personal information such as home addresses, payment details for Bitcoin and PayPal, e-mail addresses and passwords, usernames, and more. IP addresses could be used to discern users’ whereabouts and corroborate their online activity. If an attacker intercepted encrypted data being sent through the VPN on a compromised wi-fi network, they could conceivably decrypt that data with this information.
The parent company for all those VPN services is believed to be Dreamfii HK. Such VPN applications are still available in the Play Store as of now, and only Rabbit VPN has been dropped. The VPN apps in question are still available on the Google Play Store.