Comparitech’s Report Claims That VPNs with ‘Zero Log’ Policy Exposed 1.2 Terabytes of User Data

Comparitech’s latest report and an extended investigation from VPNMentor suggest that seven VPNs that claim a zero-log policy on their sites have leaked 1.2 TB of user data. The initial report claims that Asia-based UFO VPN exposed more than 890 GB of user data, even though the VPN claims a no-log policy on its official website.

The leaked user data includes login credentials, IP addresses, the OS used, VPN session tokens, and more. UFO VPN has more than 10 million downloads on Google’s Play Store. Comparitech’s report also found the data logs in an unsecured Elasticsearch cluster and stated that more than 20 million data entries were being added each day.

Later, VPNMentor found that six more VPNs that claim a no-log policy shared infrastructure as well as the database with UFO VPN. This increased the leaked data to a total of 1.2 TB. All of these VPNs have between 100,000 and one million downloads on the Google Play Store. These so-called free VPN apps are UFOVPN, FreeVPN, SuperVPN, SecureVPN, FlashVPN, RabbitVPN, and FASTVPN. Note that the Rabbit VPN app is no longer available on the Google Play Store.

UFO VPN did not secure the user data until VPNMentor’s team reached out, even though Comparitech had informed it about the leaked data first. VPNMentor’s team contacted UFO VPN nearly 18 days after Comparitech's investigation.

It is interesting to note that UFO VPN’s team claims it was not able to secure the user data because of the coronavirus pandemic. The UFO VPN team also stated that the VPN service keeps anonymized data logs to monitor traffic. However, the team knows that the exposed data includes IP addresses, login credentials of users, and more.


In fact, VPNMentor’s team stated that some data records even contained users' home addresses, payment data, device information, and more. All seven VPNs that claim a no-log policy on their official websites have the same payment provider, Dreamfii HK Limited. Moreover, a few of the VPNs even have similar UIs on their official sites. Anyone who uses any of these VPN services is advised to switch to a better and more secure VPN provider. At the very least, you should change your login credentials if you use any of the above-mentioned VPNs.

This is not the first time free VPN apps have been found collecting user data. Back in 2019, more than 20 VPN and ad-blocking applications were found harvesting user data. These VPN apps had more than 35 million downloads on the Google Play Store.


Photo: Sergey Lykov / EyeEm / Gettyimages
