The data of anonymous users of VPN services appeared on the Internet
Tashkent, Uzbekistan (UzDaily.com) -- Logins and passwords, as well as IP addresses and device identifiers of 45.5 million users of mobile VPN services, of which about 800 thousand were Russians, were made public. Such leaks have become more frequent lately, experts say. As a rule, VPN services are used to visit web resources blocked by the authorities and partially hide data about their own devices. Disclosing data about their users could help intelligence agencies investigate cyber incidents, analysts say. This was reported by Kommersant.
Data from 45.5 million users of FreeVPN.org and DashVPN.io services appeared on the shadow forums, providing privacy services for their data through personal VPNs, which are necessary to create anonymity on the network, according to experts of the Telegram channel "Information Leaks". The data was left on an unsecured MongoDB database server. Both services belong to the international company ActMobile Networks, headquartered in the United States, only 795.7 thousand records belong to Russia, experts say. As stated on the company’s website, more than 75 million people around the world have used their VPN services.
The database contains user email addresses, encrypted passwords, registration dates, profile updates, and last login. The channel’s authors clarify that the database stores data from 2017 to 2021.
VPN applications allow customers to spoof their real IP address in order to visit web resources blocked in their country and partially hide data about their own devices. Information leaks through such services happen more and more often, earlier the data of mobile applications with free VPN GeckoVPN, SuperVPN and ChatVPN appeared on the network (see Kommersant from 1 March), in total 21 million people were affected. Before that, in July 2020, the data of more than 20 million users of similar applications UFO VPN, Secure VPN and others were leaked. Experts immediately drew attention to the fact that free mobile VPN services are unsafe, and fraudsters who bought the database can use the data for phishing and hacker attacks.
Leakage or sale of data from VPN services today is no longer an accident, but an almost guaranteed scenario for using any unprotected service, says Alexander Dvinskikh, an expert on information security at the Krok IT company:
"If a person uses a free service, then he must understand that, most likely, he is the product himself." Such companies collect and repeatedly resell information about which sites the user visits, what he is interested in, what purchases he makes, the expert specifies. In addition, VPN applications retain information about the e-mail and IP-addresses of users, which allows them to directly identify the owner of this data, explains Alexander Dvinskikh.
VPN services are usually used to bypass restrictive measures or to hide their real IP address for the purpose of anonymization on the network, explains Sergey Nenakhov, head of the information security audit department at Infosecurity a Softline. Leaked passwords can be used on other online services as well, as most people use the same password everywhere, he said. “Attackers, having acquired this data, can try to gain access to e-mail, online banks, social networks and other online resources. In this case, the protection will be the use of two-factor authorization and changing passwords,” says Mr. Nenakhov.
But information from VPN services that has become publicly available can be used not only by ordinary fraudsters looking for profit, recalls Alexander Dvinskikh. For example, he notes, it can help intelligence agencies investigate cyber incidents in which those who use these services in illegal activities on the Internet have been seen.