Your VPN may have been exposing your private data

VPNs, or Virtual Private Networks, are often used for safe browsing when accessing the internet over public WiFi, or simply to keep browsing data safe. To do so, VPNs mask your online activities along with your physical location and route your data through a secured virtual tunnel between the PC and the VPN server.

Thus, connecting to the internet via a VPN not only offers you an extra layer of security but also ensures that your ISP is not able to track your online activities. This is helpful if you want to access region-restricted websites or any other source of information.

While VPNs were conceived to connect business networks securely over the internet, they are now more popular for all sorts of reasons other than what they were originally intended for. Barring a couple of countries, VPNs can be used practically anywhere, though one must remember that any illegal activity carried out while using a VPN remains illegal.

Like any other application or software that carries your data to and fro, VPNs are meant to have ample security measures in place to keep your online activities safe. However, a report reveals that a massive trove of unprotected data, 1.2TB of user details such as login credentials, IP addresses and connection timestamps, was exposed recently. This data belongs to not one but seven different VPNs (UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN), all of which openly claim that they do not collect any user information.

This data, covering over 20 million users, also included personally identifiable information such as email addresses, unencrypted passwords, the IP addresses of their computers, home addresses, phone models and device IDs.

Upon investigation, it was identified that all of these VPNs belong to a single entity, as they all used the same Elasticsearch server, had identical branding, had a single payment recipient and were hosted on the same asset. The server was found to be configured insecurely, exposing user details to virtually anyone.

This data leak is yet another example of how important it is to use the services of a brand that is not only trusted but also has its services audited regularly. After all, apart from your personal details, you cannot afford to have your corporate data openly available on the internet.