Saturday, 08 August, 2020

Seven VPN services leaked 1.2TB of personal user information

The new National Security Law enforced through Article 43 cracks down on “separatism subversion terrorism and foreign interference” and has largely been put in place to clamp down on the feisty media Hong Kong was so proud of and curtail freedom Flash VPN, UFO VPN, and five other services leaked 1.2TB of private information Only one has been pulled from the Play Store
Cecil Davis | 02 August, 2020, 05:38

Almost 1.2TB worth of personal user information was leaked from seven Virtual Private Network (VPN) services. Many applications whose data are online have more than a million downloads on the Google Play and App Store and a high user rating.

The initial report claims that Asian-based UFOVPN exposed more than 890 GB of data of users, despite the VPN claims the no log policy on its official website. The leak reportedly included connection logs, addresses, payment info, plain text passwords and website activity.

Many VPN services have data centres in Hong Kong, but the new law requires businesses to hand over data when requested. The Comparitech report states that data of almost 20 million users (both free and paid) amounting to 894GB was leaked. It also preserved that the logs were being only made use of for functionality monitoring and have been supposedly anonymized. The server is being shared by over seven free VPN providers and failed to safeguard their server online.

One particular of the suppliers, UFO VPN, claimed that it couldn't lock down its information immediately because of to pandemic-associated staff members variations. This amounts to 894GB of leaked data.

Spokespersons of Fast VPN and UFO VPN blamed the personal changes caused by COVID-19, where they had failed to find out any bugs in the server firewalls, which could have led to being hacked. Upon reaching out to the affected VPN services, some stated that the issue was fixed while others did not choose to respond.

The report further stated that the team found that VPNs share an Elasticssearch server and have a single recipient for payments, which is Dreamfii HK Limited.

Boston Marathon Bomber’s Death Sentence Overturned by Federal Appeals Court
But they argued that Dzhokar Tsarnaev was less culpable than his brother, who they said was the mastermind behind the attack. Boston Marathon bomber Dzhokhar Tsarnaev is seen in a June 24, 2015, courtroom sketch.

The incident underscores the problems with white label VPN services.

When the concerns of data storage and privacy breach are at an all-time high following the compromised Twitter accounts of famous personalities across the world, there is another breach of privacy and data localization that has not gone unnoticed.

China recently passed a controversial security law that impacts Hong Kong residents, which could also affect those who make use of VPNs in order to organise protests or any kind of activism. With these happening, it might be unsafe for the region since threats to authorities may take advantage of VPNs to stay away from censorship and surveillance from mainland China.

All six VPNs together have reportedly leaked over 1TB user information (1.2TB to be specific).

Over 20 million people worldwide could have been exposed to this leak. Users are advised to change their passwords or switch to a more secure VPN service provider.