Avoid These ‘No-Log’ VPN Services That Leaked Millions of Users’ Data – Lifehacker

I wish we didnt need VPNs, but they can be a necessary part of a balanced data security breakfast. ISPs, governments, advertisers and even individualsĀ keen on knowing what you do online can find ways to easily track your browsing data. VPNs make doing so harder (but hardly impossible) by obfuscating your connection through a proxy server. They cant hide you from everyone, but theyre a valuable privacy toolas long as they arent the ones responsible for leaking your data.
Cybersecurity firm Comparitech reports UFO VPNs user information database has been leaking data daily due to poor security. The firm reported the leak to UFO VPN on July 1st. Comparitech says the database contains:

  • Account passwords
  • VPN session secrets and tokens
  • IP addresses of both user devices and the VPN servers they connected to
  • Connection timestamps
  • Geo-tags
  • Device and OS characteristics
  • URLs that appear to be domains from which advertisements are injected into free users web browsers

Much of this data is stored in easily read plaintext files, yet the database wasnt secured or encrypted. It didnt even require a password for access. The number of affected accounts is unknown, but its possible all UFO VPN users had at least some of their data leaked; the database exposed over 20 million user logs per day. Worse, UFO VPN shared the same codebase and setup as a number of other generically named Android VPN appssome with up to one million individual installations. These additional apps, as reported by Android Police, include:

  • Fast VPN
  • Free VPN
  • Super VPN
  • Flash VPN
  • Secure VPN
  • Rabbit VPN

What to do if your info was leaked
If you have used any of these VPNs, change your account information at the very minimum. Update any other accounts that use the same passwordsget unique passwords, alreadyand turn on two-factor authentication for any services you can. Use Have I Been Pwned to check for any further compromises and update your passwords as necessary.
I dont blame anyone for leaving UFO VPN after this debacle. This leak puts users at risk and undermines trust in them and, frankly, the VPN market as a whole. Plenty of VPNs make the same no-log promise as UFO VPN, and its now entirely justified to wonder if theyre telling the truth. More than ever, its worth taking the time to find a VPN you trust.
But dont take this to mean VPNs are a lost cause. As I said earlier, they are one part of a good data security strategy. For the best level of security possible, you need more than just a VPNeven a trustworthy one.
Obviously were big fans of encrypted password managers, but you can boost privacy with the right web browser and/or browser add-ons, too. You can also enable DNS over HTTPS if your browser or devices operating system so allows, as that also helps hide your web traffic from peering outsiders. While no system is foolproof, a well-considered mix of these strategies can make recovering from data breaches much easier.

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button