We have already written many times in our pages about the dangers that await you on the Internet. At the same time, experts in the cybersecurity market have already recommended Internet users to use a VPN more than once. Only that a leak of 1.2 TB of data (including logs and plaintext passwords) from seven VPNs has just been discovered.
VPN – What is it?
What is a VPN? This tunnelthrough which traffic flows on the private network between end clients over a public network (such as the Internet). However, it is done in such a way that the nodes of this network are somewhat invisible. In this way, it is possible to optionally compress or encrypt the transmitted data in order to ensure better quality or a higher level of security.
In practice, however, it not only increases our privacy and the level of security when we use the network, but also allows you to take advantage of price promotions and services that may not be available in our country.
However, the portal informed Sekurak.pl, there was an important data leak that belonged to several VPNs.
“The data was sitting on a completely unsecured Elasticsearch instance. What are the VPNs? Here is their list: UFO, FAST VPN, Free VPN, Super VPN, Flash, Secure, Rabbit. According to researchers, the core infrastructure of all these solutions is the same – and different names are just a nice, new sticker for the same product “
– says the portal.
How much data has been leaked? It is said that over a billion records contain such information as:
- Activity logs,
- PII (names, emails, home address),
- cleartext passwords,
- Bitcoin payment information,
- support messages,
- personal device information,
- tech specs,
- account info,
- direct Paypal API links.
“The owner of the systems, fortunately, responded to reporting the problem by pulling out a new” whipping boy “- i.e. COVID-19
– adds Sekurak.
“Due to the personnel changes caused by COVID-19, we did not immediately find errors in the server’s firewall rules, which could potentially lead to a hack. This has now been fixed
– explains the owner of the stolen systems.
If you are a user of one of these tools, think about e.g. changing your passwords.