In total, the database contains 10GB worth of data from companies like SuperVPN, GeckoVPN, and ChatVPN which is now available for free download on several different Telegram groups.
On May 7th, 2022, a database containing the personal details and login credentials of 21 million users was leaked in a Telegram group, Hackread.com has learned. What’s noteworthy is that the dump also exposed the data of VPN users including popular VPNs like SuperVPN, GeckoVPN, and ChatVPN.
The database was previously put up for sale on the Dark Web last year, but currently, it is available on Telegram for free.
Database Exposed 10GB of Data
According to researchers at VPNMentor, the leaked records comprised 10GB of data and exposed 21 million unique records. The information included the following:
- Full names
- Country names
- Billing details
- Email addresses
- Randomly generated password strings
- Premium status and validity period
Further probe indicated that the leaked passwords were random, hashed, or salted without collision, therefore each was different and much more difficult to crack. A majority of the email IDs, about 99.5%, were Gmail accounts. But, researchers at vpnMentor believe that the dumped data is only a subset of the full dump.
For now, it is unclear whether the data was stolen as a result of a data breach or it was obtained from some misconfigured server. Either way, the damage is done and users are now at risk of scams and prying eyes.
The primary reason people choose to use VPNs is to ensure anonymity and privacy. This is why exposing the data of VPN users has far-reaching consequences since it is considered more valuable. In this case, the people who got their data exposed in the breach might become victims of blackmail, phishing scams, or identity theft since their full names and emails are leaked.
They may also launch targeted scams because of the exposure of personally identifiable information like country name, billing details, usernames, etc. After cracking the passwords, threat actors can easily hijack their accounts and exploit their premium status.
If the data lands in the hands of a tyrannical government, where VPN use is banned, this leak can lead to the arrest and detention of VPN users. If you want to stay protected from getting exploited by hackers/scammers, change your VPN account password and use a mix of upper-lower-case letters, symbols, numbers, etc., for optimum account security.
More VPN News
- Almost Every Major Free VPN Service is a Glorified Data Farm
- 7 VPN firms with a no-logs policy end up exposing 1.2 TB of user data
- UFO VPN leaks database again; gets taken over & destroyed by hackers
- Sensitive data of 900 Pulse Secure VPN servers leaked on a hacker forum
- India to Collect User Data from VPNs, Data Centers, & Cloud Service Providers