A Collection of User Data Allegedly Sourced From Android VPNs Appeared for Sale

  • A collection of 21 million user records has appeared online, allegedly combining data from three Android VPNs.
  • The services allegedly exposed themselves by leaving user databases online and without password protection.
  • One of the three VPN services that are included in the pack comes with well-documented risks.

A large collection of 21 million user records has appeared on a hacker forum and is available for purchase. The seller alleges that the data comes from a breach on three VPN services that are very popular in the Android world, namely SuperVPN, GeckoVPN, and ChatVPN. At the time of writing this, there has been neither a confirmation nor a debunking of the alleged breach, so we can’t tell if the seller's claims are valid or not. However, the data appears to be real.

Source: CyberNews

The seller has categorized the data in three archives, which contain the following user details:

  • Email addresses
  • Usernames
  • Full names
  • Country names
  • Randomly generated password strings
  • Payment-related data
  • Premium member status and its expiration date
  • Device serial numbers
  • Phone types and manufacturers
  • Device IDs
  • Device IMSI numbers

Even logging the above details is a good reason to avoid using these VPN vendors entirely if, of course, the data is proven to belong to their userbases. The seller claims that the data was actually left exposed on unsecured databases, which were left to their default configuration and not properly secured with a password. If this is true, the particular VPN service providers have given another example of why they can’t be trusted.

Source: CyberNews

Among the three, ChatVPN is a fairly small entity, GeckoVPN has a respectable 10 million installations, and SuperVPN has a mind-blowing 100 million users. A year ago, we discussed why SuperVPN is so unsafe that it shouldn’t even be available on the Play Store, yet it remains there to this day. In that post, we presented MITM risks, lack of strong encryption, and several privacy flaws. Also, the product’s developers are based in China, so the reasons behind the existence of security gaps are ambiguous.

Even if the data that’s available for purchase is proven not to belong to the three VPN apps mentioned above, we would still suggest that you avoid using free VPN services and just pick something truly reliable and trustworthy. If you’re looking for examples of that, check out our list with the seven best VPNs for the Android platform in 2021.

NBA 2023 Live Stream: How to Watch Basketball Online from Anywhere
The wait is almost over, and basketball fans worldwide can finally look forward to the start of the 2023/24 NBA season. The...
How to Watch 2023 NHL Without Cable: Live Stream Hockey Games Online from Anywhere
The 2023/24 season of the National Hockey League is finally upon us, and fans are gearing up to watch the hard-hitting action...
NFL 2023 Live Stream: How to Watch Football Online from Anywhere
The 104th season of the National Football League is already underway, and we anticipate some thrilling action in the coming months. The...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari