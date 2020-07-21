Nearly 1.2TB worth of personal user information was leaked from seven Virtual Private Network (VPN) services. According to reports, the breach was possible as these seven VPN services did not have any mode of password authentication for the user data logs or API access.

One of the seven VPN services - UFO VPN - exposed user data in the form of plain text passwords, IP address connections, geo-tags, user VPN sessions, etc.

A Comparitech report claims that the company was informed about the loophole, and it took more than two weeks to fix the issue. UFO VPN further claimed that there was no loss of data. The Comparitech report states that data of nearly 20 million users (both free and paid) amounting to 894GB was leaked.

A separate report by vpnMentor found that six more VPN services, namely Rabbit VPN, Fast VPN, Flash VPN, Free VPN, Super VPN, and Secure VPN, were connected to a common developer, same as UFO VPN. This combined has led to a breach worth 1.2TB user data.

vpnMentor noted that these VPN services share an Elasticsearch server and have a single recipient for payments. These services also share a lot of other assets, according to the report. Upon reaching out to the affected VPN services, some stated that the issue was fixed while others did not choose to respond.

VPNs are generally considering to provide a safe tunnel for users to access the web.

