A widely used free VPN browser extension has been found using CyberGhost’s free servers without permission, raising fresh questions about the safety and transparency of free VPN tools.
The extension, called “BiuBiu VPN – The Website Unblocker,” reportedly has around 20 million users. Security researchers discovered that instead of operating its own network, the extension was routing user traffic through CyberGhost’s infrastructure.
CyberGhost has confirmed the misuse but said no customer data or accounts were affected.
The issue came to light during a security review of Chrome extensions, where unusual traffic patterns linked to BiuBiu VPN were noticed. Further technical checks, including source code and network analysis, showed that the extension was quietly connecting users to CyberGhost’s free servers.
Experts said the app worked as promised from a user’s point of view, meaning people could unblock websites. However, using another company’s servers without permission created risks around trust, accountability, and possible misuse.
CyberGhost explained that the servers involved were part of its older free proxy service, which was designed to give the public limited access to its network. The company said this service had been misused and that its security team is now working to stop further abuse.
CyberGhost also confirmed that no user data was accessed or exposed. The company plans to move its free proxy service to a stronger system that will still be free but will require registration to reduce misuse and protect resources for legitimate users.
PreppHint, the developer behind BiuBiu VPN, said it has permanently discontinued the extension. The extension has already been removed from the Chrome Web Store and will no longer be available for download.
This is not the first time free VPN apps have been linked to questionable practices. Last year, another free VPN app, JetVPN, with over one million downloads, was found using servers belonging to other VPN providers. That app was also taken down shortly after discovery.
Security experts say incidents like this show why users should be cautious when installing free VPN services. It is often unclear which servers handle their traffic or how their data is managed.
While CyberGhost’s servers are considered safe, researchers warned that similar apps could route traffic through insecure networks that log activity or expose users to tracking. Since operating VPN services costs money, some free providers rely on ads, data collection, or shortcuts like using third-party infrastructure.
Not all free VPNs are unsafe, but users are advised to choose services that clearly explain how they work and how they make money. Free trial versions from established VPN providers are generally considered safer, though they usually come with usage limits.