A Collection of User Data Allegedly Sourced From Android VPNs Appeared for Sale

  • A collection of 21 million user records has appeared online, allegedly combining data from three Android VPNs.
  • The services allegedly exposed themselves by leaving user databases online and without password protection.
  • One of the three VPN services that are included in the pack comes with well-documented risks.

A large collection of 21 million user records has appeared on a hacker forum and is available for purchase. The seller alleges that the data comes from a breach on three VPN services that are very popular in the Android world, namely SuperVPN, GeckoVPN, and ChatVPN. At the time of writing this, there has been neither a confirmation nor a debunking of the alleged breach, so we can’t tell if the seller's claims are valid or not. However, the data appears to be real.

Source: CyberNews

The seller has categorized the data in three archives, which contain the following user details:

  • Email addresses
  • Usernames
  • Full names
  • Country names
  • Randomly generated password strings
  • Payment-related data
  • Premium member status and its expiration date
  • Device serial numbers
  • Phone types and manufacturers
  • Device IDs
  • Device IMSI numbers

Even logging the above details is a good reason to avoid using these VPN vendors entirely if, of course, the data is proven to belong to their userbases. The seller claims that the data was actually left exposed on unsecured databases, which were left to their default configuration and not properly secured with a password. If this is true, the particular VPN service providers have given another example of why they can’t be trusted.

Source: CyberNews

Among the three, ChatVPN is a fairly small entity, GeckoVPN has a respectable 10 million installations, and SuperVPN has a mind-blowing 100 million users. A year ago, we discussed why SuperVPN is so unsafe that it shouldn’t even be available on the Play Store, yet it remains there to this day. In that post, we presented MITM risks, lack of strong encryption, and several privacy flaws. Also, the product’s developers are based in China, so the reasons behind the existence of security gaps are ambiguous.

Even if the data that’s available for purchase is proven not to belong to the three VPN apps mentioned above, we would still suggest that you avoid using free VPN services and just pick something truly reliable and trustworthy. If you’re looking for examples of that, check out our list with the seven best VPNs for the Android platform in 2021.

REVIEW OVERVIEW

Latest

Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari