- Joined
- May 15, 2016
- Messages
- 13,738
- Likes
- 2,643
- Points
- 1,730
The popular SuperVPN VPN service turned out to be a masked data farm that stored and sold personal data from its users.
Jeremiah Fowler discovered a serious security breach in an open database associated with the popular free SuperVPN VPN service. The database contained 360,308,817 records, with a total volume of 133 GB. A wide range of confidential information was found in these records, including user email addresses, source IP addresses, geolocation data, and server usage records.
In addition, as a result of the leak, secret keys, unique application user numbers and UUID numbers were disclosed, which can be used to identify additional useful information.
Other information found in the database covered models of phones or devices, operating systems, types of Internet connections and versions of VPN applications. In addition, requests for refunds and data on paid accounts were present in the leak.
Although SuperVPN claims to not store user logs, data leakage shows the opposite and is contrary to company policy. It also indicates that “ Almost every major free VPN service is a masked data farm ”.
With growing concerns about online privacy and security, demand for VPN services has increased in recent years. As a result, the market has witnessed a significant increase in the number of VPN applications available to users.
However, this leap of offers has led to an alarming amount of VPN applications that are unreliable and do not provide the expected level of confidentiality and security. This leads to counterproductive user experience, since the lack of adequate security protocols puts their information at risk of being lost as a result of data disruption.
According to vpnMentor, most of the data leak entries were related to SuperVPN, a free VPN application available both on the Apple App Store and on the Google Play Store.
In addition, researchers noted two applications called SuperVPN, each of which belonged to different developers. Qingdao Leyou Hudong Network Technology Co. was the developer of SuperVPN for iOS, iPad and macOS, and SuperSoft Tech developed a second application with the same name.
However, it is important to note that this is NOT the first time SuperVPN is accused of leaking personal data of its unsuspecting users. In fact, as SecurityLab.ru reported in May 2022, SuperVPN was on the list of free VPN services, e of which more than 21 million users have leaked.
In a vpnMentor report, Fowler noted that the email addresses of SuperVPN customer support were related to StormVPN, Luna VPN, RocketVPN and GhostVPN. In addition, links to each of these VPN providers were seen in the database.
Although there is no way to confirm that they all belong to the same company, it would not come as a surprise if it were so. The proliferation of unreliable VPN applications can be attributed to prospective developers seek to capitalize on the growing demand for privacy and security.
The VPN industry has become highly profitable with millions of users around the world who seek to find reliable solutions to protect their online presence. In this situation, some developers give priority to monetary benefits over user safety by focusing on fast and cheap marketing and distribution of VPN applications.
Therefore, for one company to produce several VPN applications with different names and slightly different functionality, allows it to reach more users.
When choosing a free VPN service, you must be careful and take into account certain red flags that indicate potential risks. These include:
Fuzzy data collection and use policies: Make sure VPN service does not store your online activity to avoid the risk of selling data to advertisers or third parties.
Lack of transparency: Pay attention to the absence of the “ About Us ” section on the official website of the VPN provider, as this may indicate a lack of information about who processes your information.
DNS leak protection: Make sure VPN service offers protection against DNS leaks to prevent your online provider from viewing your online activity.
Weak encryption: Avoid VPNs that offer encryption weaker than 128-bit or 256-bit AES as this increases the risk of compromising your information.
Negative reviews: read user reviews and consult with reputable review sites to evaluate the experiences and concerns of other users before choosing a VPN service.
The distribution of VPN applications creates both opportunities and problems for users seeking confidentiality and security in their online activity. Although the market offers a wide range of reliable VPN solutions, a growing number of unreliable applications require caution and informed decisions.
Understanding the factors contributing to the excess of VPN applications, determining the risks associated with their use, and introducing measures to reduce these risks, users can make more informed choices to protect their privacy and security on the Internet.
__________________
Jeremiah Fowler discovered a serious security breach in an open database associated with the popular free SuperVPN VPN service. The database contained 360,308,817 records, with a total volume of 133 GB. A wide range of confidential information was found in these records, including user email addresses, source IP addresses, geolocation data, and server usage records.
In addition, as a result of the leak, secret keys, unique application user numbers and UUID numbers were disclosed, which can be used to identify additional useful information.
Other information found in the database covered models of phones or devices, operating systems, types of Internet connections and versions of VPN applications. In addition, requests for refunds and data on paid accounts were present in the leak.
Although SuperVPN claims to not store user logs, data leakage shows the opposite and is contrary to company policy. It also indicates that “ Almost every major free VPN service is a masked data farm ”.
With growing concerns about online privacy and security, demand for VPN services has increased in recent years. As a result, the market has witnessed a significant increase in the number of VPN applications available to users.
However, this leap of offers has led to an alarming amount of VPN applications that are unreliable and do not provide the expected level of confidentiality and security. This leads to counterproductive user experience, since the lack of adequate security protocols puts their information at risk of being lost as a result of data disruption.
According to vpnMentor, most of the data leak entries were related to SuperVPN, a free VPN application available both on the Apple App Store and on the Google Play Store.
In addition, researchers noted two applications called SuperVPN, each of which belonged to different developers. Qingdao Leyou Hudong Network Technology Co. was the developer of SuperVPN for iOS, iPad and macOS, and SuperSoft Tech developed a second application with the same name.
However, it is important to note that this is NOT the first time SuperVPN is accused of leaking personal data of its unsuspecting users. In fact, as SecurityLab.ru reported in May 2022, SuperVPN was on the list of free VPN services, e of which more than 21 million users have leaked.
In a vpnMentor report, Fowler noted that the email addresses of SuperVPN customer support were related to StormVPN, Luna VPN, RocketVPN and GhostVPN. In addition, links to each of these VPN providers were seen in the database.
Although there is no way to confirm that they all belong to the same company, it would not come as a surprise if it were so. The proliferation of unreliable VPN applications can be attributed to prospective developers seek to capitalize on the growing demand for privacy and security.
The VPN industry has become highly profitable with millions of users around the world who seek to find reliable solutions to protect their online presence. In this situation, some developers give priority to monetary benefits over user safety by focusing on fast and cheap marketing and distribution of VPN applications.
Therefore, for one company to produce several VPN applications with different names and slightly different functionality, allows it to reach more users.
When choosing a free VPN service, you must be careful and take into account certain red flags that indicate potential risks. These include:
Fuzzy data collection and use policies: Make sure VPN service does not store your online activity to avoid the risk of selling data to advertisers or third parties.
Lack of transparency: Pay attention to the absence of the “ About Us ” section on the official website of the VPN provider, as this may indicate a lack of information about who processes your information.
DNS leak protection: Make sure VPN service offers protection against DNS leaks to prevent your online provider from viewing your online activity.
Weak encryption: Avoid VPNs that offer encryption weaker than 128-bit or 256-bit AES as this increases the risk of compromising your information.
Negative reviews: read user reviews and consult with reputable review sites to evaluate the experiences and concerns of other users before choosing a VPN service.
The distribution of VPN applications creates both opportunities and problems for users seeking confidentiality and security in their online activity. Although the market offers a wide range of reliable VPN solutions, a growing number of unreliable applications require caution and informed decisions.
Understanding the factors contributing to the excess of VPN applications, determining the risks associated with their use, and introducing measures to reduce these risks, users can make more informed choices to protect their privacy and security on the Internet.
__________________