According to VPN Mentor, a privacy advocate firm which reviews virtual private networks (VPN), after an in-depth research, it has been discovered that three VPN service providers with millions of customers worldwide are leaking sensitive data such as users’ IP addresses – These VPNs include HotSpot Shield, PureVPN, and Zenmate.
What is a VPN used for?
The purpose of using a VPN depends on the situation but mostly people opt-in for VPNs to fight online censorship by accessing websites that are blocked by their ISPs while some chose to use VPN for anonymity and better privacy.
But what happens when the VPN you thought was protecting your privacy was actually posing a threat to it? You can be under government surveillance or malicious organizations, hackers can track your IP address and identify your ISP or on a business level, it can allow attackers to carry distributed denial-of-service (DDoS) attacks.
3 hackers exposed vulnerabilities in 3 top VPN vendors
According to VPN Mentor’s blog post, in order to find vulnerabilities in HotSpot Shield, PureVPN, and Zenmate VPN Mentor hired three ethical hackers who after testing concluded all three VPN have been leaking IP address of the user, even when a VPN is in use posing a massive privacy threat.
Out of three hackers, one has decided to keep their identity hidden while one going by the online handle of File Descriptor while the other Paulos Yibelo. Here it must be noted that the vulnerabilities exist in the Chrome browser plugins for all three VPNs and not in the desktop or smartphone apps.
HotSpot Shield VPN vulnerabilities
According to the findings, AnchorFree’s HotSpot Shield was filled with three vulnerabilities. The first vulnerability (CVE-2018-7879) allowed remote attackers to cause a reload of the affected system or to remotely execute code.
The second and third vulnerabilities (CVE-2018-7878 & CVE-2018-7880) leaked IP and DNS addresses which as discussed above poses a privacy threat to users since hackers can track user location and the ISP.
HotSpot Shield fixed the vulnerabilities
HotSpot Shield was quick to respond to VPN Mentor regarding the vulnerabilities and patched all vulnerabilities professionally and timely protecting millions of its users from what could be a serious threat if exploited.
“The fast response of Hotspot Shield is something we think is worth commending. We felt that they worked with our research team in a fast and serious manner and that they care for their users. They took our research as help for improvement rather than criticism,” said the co-founder of vpnMentor Mr. Ariel Hochstadt.
It is a good news for Hotspot Shield users as last year the VPN vendor was in the news for violating user privacy by intercepting web traffic, keeping activity logs and redirecting it to third-party websites especially advertising companies.
Vulnerabilities in PureVPN and ZenMate
In PureVPN and Zenmate, researchers also found that loopholes similar to Hotspot Shield may leak user sites and IP addresses. However, because they did not receive a response from both manufacturers, they did not specify the loopholes of both, but they appealed for two products. The user pays attention and confirms with the manufacturer.
HackRead has also contacted PureVPN and Zenmate. This article will be updated in case the vendors decided to reply.