Massive free VPN data breach exposes 360 million records

Cybersecurity researcher Jeremiah Fowler discovered and reported that over 360 million user data records have been leaked in a breach with the free VPN service SuperVPN. These records contained tons of personal information, including email addresses, original IP addresses, geolocation records, unique user identifiers, references to visited websites, and more.

Here’s everything we know so far.

How was this data breach found?

Credit: Apple App Store (Qingdao Leyou Hudong Network Technology Co)

Fowler did an enormous amount of research and found one key detail that was quite concerning. He noticed that the smartphone app for SuperVPN was listed under different developers depending on the App Store it was downloaded from. The Google Play Store version was credited to SuperSoft Tech, while the Apple App Store version was credited to Qingdao Leyou Hudong Network Technology Co. Both companies seem to have connections to China as the notes for each are written in Mandarin, which serves as the official language of the country. Fowler then discovered a publicly exposed database linked with the SuperVPN app containing 133 GB of data. This data included personal user information such as IP location, servers used, details about online user activities, device models, operating systems, and refund requests. Fowler took it upon himself to reach out to the email addresses listed in this database; however, the database was quickly closed shortly afterward.

MORE: WHAT IS A VPN? CAN IT REALLY PROTECT MY ONLINE PRIVACY AND SECURITY?

 

How can I check if my information was sold on the dark web?

To check if your information was sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website will search to see what data of yours is out there and display if there were data breaches associated with your email address on various sites.    Be sure to check out our article on what to do if your data has been stolen by clicking here.

Was your private data being sold on this dark web marketplace?

 

Is SuperVPN still available?

SuperVPN is still available for Apple and Android devices; however, I would not recommend using it. This is not the first time that the free VPN service has had information leaked, as it happened once in 2016 and again in 2020.

 

Are free VPNs unsafe?

You know the phrase, “You get what you pay for”? Well, this certainly applies when it comes to choosing a VPN. Having a free VPN service is likely never going to be as safe as one that you have to pay for. When picking a VPN, you have to choose one that is trusted and reputable, especially since its job is to protect your private data.

Here are some of my top reasons why you should seriously consider a VPN that you pay for over one that is free:

1. Low-level encryption leads to dangerous leaks

One of the main benefits of using a VPN service is that it creates a protective, encrypted tunnel to keep your data away from the prying eyes of third-party entities. Many of the free VPN service providers, however, don’t use adequately encrypted tunnels leading to data leaks.

2.  Putting your data up for sale

Unlike paid VPN services, free VPN services have to rely on other ways to earn a profit. One of the ways they do so is by selling your data. While one of the best advantages of using a VPN service is to protect your data and activity online, the free VPN providers take the data stored and sell it. When you install a free VPN app, you are often agreeing to these terms and conditions.

3. Free VPNs have a higher risk of malware

Many of these free VPN apps end up introducing malware to your device. Some free VPN apps are fake apps that just glean any information from you so they can sell or compromise the user. Or in the case of this SuperVPN app, these free apps might be owned by people in countries like China and Russia who wish to steal data from American citizens and use it to spy on our government.

4. Expect a slower connection

Free VPN services not only create dangerous data leaks but can also make your overall online experience slow. Unlike paid, premium VPN services, a free VPN service can create connection speed issues because they are often routing too many users to a few servers. Paid VPN services usually utilize multiple servers to minimize lags.

5.  Constant CAPTCHA

You’ve seen CAPTCHA before. It stands for Completely Automated Public Turing Test, and it is when Google or another website asks you to prove that you’re not a bot, and you’ll get it all the time if you use a free VPN. When thousands of users make requests from the same IP address, which often happens with free VPN services, it triggers Google’s algorithm because more data is being sent and received from a single IP address than is possible for one person to send or receive. A paid VPN service has more servers and more IP addresses, so they don’t get flagged as a potential bot as much.

6. Overflow of ads

The other cost of using free VPN apps is that you will get bombarded by ads, pop-ups, and redirects to sponsored pages. Not only is it annoying to click through –  it could be a privacy and security issue. These apps will register your reaction or interactions with these ads. There’s no way to verify that these pop-ups or redirects are safe, and they could be introducing malware or adware to your device.

 

Which VPN should I use?

Read more of my reviews for best VPNs here

Best VPNs for browsing the web privately 2023

 

 

Kurt’s key takeaways

Ultimately, I would say that having a free VPN service just isn’t worth it. I know money can be tight, and we’d all rather have something for free than spend more, however, think of how thankful you’ll be when more security breaches happen, and your data is still protected. It’s way better to get what you pay for than to go the easy route and hope for the best.

 

Do you believe there are no free lunches in the world including free technology? Let us know by commenting below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

Related:

Related posts

Is your Social Security number at risk? Signs someone might be stealing it

Updated Android malware can hijack calls you make to your bank

Robot dog is making waves with its underwater skills