Data of 21 Million VPN Users Leaked Online

Security experts from Cybernews have discovered a massive data breach which is directly linked to the millions of VPN user. Security experts discovered during their investigation that cybercriminals are selling over 21 million users’ records on a popular hacker forum and are trading three databases that contain user credentials and device data stolen from three different Android VPN services – SuperVPN (with 100 million+ installs on Play Store), GeckoVPN (10 million+ installs), and CatVPN (50,000+ installs).

List of Leaked Information 

As per the reports of Cybernews, cybercriminals are trading three databases, two of which allegedly contain a variety of data apparently gathered by the providers from more than 21 million users. This data includes:
 
• Email addresses 
• User Names 
• Full Names 
• Country Names 
• Randomly generated password strings 
• Payment related data • Premium membership status and its expiration data 

Based on the sample that the security experts were able to view from the database, the collection also appears to contain user device information, including: 

• Serial numbers of devices 
• Phone types and manufacturers 
• Device IDs • IMSI numbers of the devices 

“The threat actor claims that the data has been exfiltrated from publicly available databases that were left vulnerable by the VPN providers due to developers leaving default database credentials in use,” Cybernews stated. 

VPN providers: The main culprits 

Millions of users trust VPN because it strengthens user’s data privacy and security on the internet, it alters their IP address and location, making their browsing activity safe and private from cybercriminals. Cybernews claims that these three VPN providers are logging in for more information about their users than stated in their Privacy Policies. It also suspects that the cybercriminals might have gained full remote access to the VPN servers.

“If true, this is an incredible blow to user security and privacy on the part of SuperVPN, GeckoVPN, and ChatVPN. And, in the case of SuperVPN, this blow is not the first. With deeply sensitive device information such as device serial numbers, IDs, and IMSI numbers in hand, threat actors that have access to the data contained on the compromised VPN servers can get hold of that data and carry out malicious activities such as man-in-the-middle attacks and more,” Cybernews further stated.