Massive free VPN data breach exposes 360M Records

Cybersecurity researcher Jeremiah Fowler discovered and reported that over 360 million user data records were leaked in a breach at the free VPN service SuperVPN. These records contained tons of personal information, including email addresses, original IP addresses, geolocation records, unique user identifiers, references to visited websites and more. Here’s everything we know so far.

How was this data breach found?

Fowler did an enormous amount of research and found one key detail that was quite concerning. He noticed that the smartphone app for SuperVPN was listed under different developers depending on the App Store it was downloaded from. The Google Play Store version was credited to SuperSoft Tech, while the Apple App Store version was credited to Qingdao Leyou Hudong Network Technology Co. Both companies seem to have connections to China as the notes for each are written in Mandarin, which serves as the official language of the country.

SuperVPN suffered a large data leak and is linked to China. (Apple App Store, Qingdao Leyou Hudong Network Technology Co.)

Fowler then discovered a publicly exposed database linked with the SuperVPN app containing 133 GB of data. This data included personal user information such as IP location, servers used, details about online user activities, device models, operating systems and refund requests. Fowler took it upon himself to reach out to the email addresses listed in this database; however, the database was closed shortly afterward.

Is SuperVPN still available?

SuperVPN is still available for Apple and Android devices; however, I would not recommend using it. This is not the first time that the free VPN service has had information leaked, as it happened once in 2016 and again in 2020.

Are free VPNs unsafe?

You know the phrase, “You get what you pay for”? Well, this certainly applies when it comes to choosing a VPN. Having a free VPN service is likely never going to be as safe as one that you have to pay for. When picking a VPN, you’ve got to choose one that is trusted and reputable, especially since its job is to protect your private data. 

Here are some of my top reasons why you should seriously consider a VPN that you pay for over one that is free.

1. Low-level encryption leads to dangerous leaks

One of the main benefits of using a VPN service is that it creates a protective, encrypted tunnel to keep your data away from the prying eyes of third-party entities. Many of the free VPN service providers, however, don’t use adequately encrypted tunnels, leading to data leaks.

2. Putting your data up for sale

Unlike paid VPN services, free VPN services have to rely on other ways to earn a profit. One of the ways they do so is by selling your data. While one of the best advantages of using a VPN service is to protect your data and activity online, the free VPN providers take the data stored and sell it. When you install a free VPN app, you are often agreeing to these terms and conditions.

3. Free VPNs have a higher risk of malware

Many of these free VPN apps end up introducing malware to your device. Some free VPN apps are fake apps that just glean any information they can from you so they can sell it or compromise the user. Or, in the case of this SuperVPN app, these free apps might be owned by people in countries like China and Russia who wish to steal data from American citizens and use it to spy on our government.

4. Expect a slower connection

Free VPN services not only create dangerous data leaks but can also make your overall online experience slow. Unlike paid, premium VPN services, free VPN services can create connection speed issues because they often route too many users through a few servers. Paid VPN services usually utilize multiple servers to minimize lags.

5. Constant CAPTCHA

You’ve seen CAPTCHA before. It stands for Completely Automated Public Turing test to tell Computers and Humans Apart, and it is when Google or another website asks you to prove that you’re not a bot. You’ll get it all the time if you use a free VPN. When thousands of users make requests from the same IP address, which often happens with free VPN services, it triggers Google’s algorithm because more data is being sent and received from a single IP address than is possible for one person to send or receive. Paid VPN services have more servers and more IP addresses, so they don’t get flagged as a potential bot as much.

A CAPTCHA test is a way to prove that you are not a bot. (CyberGuy.com)

6. Overflow of ads

The other cost of using free VPN apps is that you will get bombarded by ads, pop-ups, and redirects to sponsored pages. Not only is it annoying to click through, it could be a privacy and security issue. These apps will register your reaction or interactions with these ads. There’s no way to verify that these pop-ups or redirects are safe, and they could be introducing malware or adware to your device.

Which VPN should I use?

There are lots of great choices out there when it comes to a solid, risk-free VPN service. Read reviews on the service before committing to one, and if it’s a free service, you should absolutely proceed with caution.

For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices by visiting CyberGuy.com/VPN.

Kurt’s key takeaways

Ultimately, I would say that having a free VPN service just isn’t worth it. I know money can be tight, and we’d all rather have something for free than spend more. However, think of how thankful you’ll be when more security breaches happen and your data is still protected. It’s way better to get what you pay for than to go the easy route and hope for the best.

Do you believe there are no free lunches in the world, including free technology? Let us know by writing us at CyberGuy.com/Contact.

Copyright 2023 CyberGuy.com. All rights reserved.
