According to reports, the user databases of three popular Android VPN services have been hacked. Millions of user details are now available for sale online.
The databases, which allegedly came from SuperVPN, GeckoVPN, and ChatVPN, collectively contain 21 million user details and apparently sensitive details like user authentication information, according to a new study by CyberNews.
If the leaked databases are real, the amount of information these services record about their users is even more worrying about the leak, despite claiming not to do so in their respective privacy policies.
CyberNews’ research team has seen clippings from the databases and determined that the leak also contains information about the user’s devices, arguing that with the right expertise this could be used to identify man-in-the-middle (MITM ) to perform. Attacks on unsuspecting users.
“We reached out to SuperVPN, GeckoVPN, and ChatVPN and asked if they could confirm the leak was real, but we didn’t get any responses at the time of this writing,” he said site said.
If you take the hacker’s word, the databases were publicly available and the companies didn’t even follow the basic security procedure of disabling the default database credentials.
This news is sure to have serious ramifications for the entire industry, especially given that the destination providers are some of the most popular VPN providers.