The user databases of three popular Android VPN services have reportedly been hacked, with millions of user records now put up for sale online.
Databases purportedly from SuperVPN, GeckoVPN, and ChatVPN, together containing a total of twenty one million user records, apparently include sensitive details such as the user’s authentication credentials, according to new research from CyberNews.
If the leaked databases are genuine, what’s even more worrying about the leak is the amount of information that these services log about their users, despite claiming not to do so in their respective privacy policies.
Besides the authentication information, the databases also include email addresses, payment-related data along with the expiration date of the premium accounts. Reportedly, the threat actor is also offering to sort the data by country for potential buyers.
Pervasive data logging
The team of researchers at CyberNews saw snippets from the databases and reveal that the leak also contains information about the user’s devices, and argue that with the right know-how these can be exploited to launch man-in-the-middle (MITM) attacks on the unsuspecting users.
“We reached out to SuperVPN, GeckoVPN, and ChatVPN and asked the providers if they could confirm that the leak was genuine but we have received no responses at the time of writing this report,” the site said.
If one takes the word of the hacker on face value, the databases were publicly accessible and the companies didn’t even follow the basic security procedure of disabling the default database credentials.
The news is bound to have serious industry-wide repercussions especially considering the fact that the targeted providers are some of the most popular VPN vendors.