The VPN company in the discussion is a Hong Kong-based UFO VPN owned by Dreamfii HK Limited.
Perhaps, the most ironic moments in the cybersecurity world occur when those who promise to protect your online privacy cannot guard their own turf. We’ve seen this happen from time to time with security firms getting hacked themselves.
Another similar case has emerged recently when the database of a Hong Kong-based VPN provider called UFO VPN was exposed with more than 20 million users logs.
Discovered by researchers from Comparitech on July 1st, 2020; the exposure occurred due to the database hosted on an Elasticsearch cluster being left without any password.
Worth 894 GB, the data allegedly included plaintext passwords, IP addresses, timestamps of user connections, session tokens, information of the device, and OS being used along with geographical information in the form of tags.
The implications of this are pretty dangerous in that not only user accounts are at risk of being taken over by malicious actors but users can also be tracked online.
Furthermore, using the session tokens, any encrypted data that someone gains access to could also be decrypted rendering the entire concept of encryption useless in this scenario.
UFO VPN does not collect, monitor, or log any traffic or use of its Virtual Private Network service, under any circumstances, on any platform.
The incident was reported to UFO VPN and the database was secured yesterday on 15 July. The company, on the other hand, claims that due to the certain employee being changed because of the Coronavirus, the issue could not be identified earlier stating the following:
In this server, all the collected information is anonymous and only be used for analyzing the user’s network performance & problems to improve service quality. So far, no information has been leaked.
This though of course if what the company seems to be saying to mitigate the damage to its reputation with the facts clearly suggesting otherwise. For the future, hence, it remains to see if the firm improves its security practices and how many users jump ship. Users of the provider are suggested to immediately change their account passwords as they may be at risk.