Researchers uncover mysterious data breaches involving 300 million VPN records

0

A security company has sounded the alarm because of the data leak of over 300 million records, which can be traced back to a VPN provider. However, this VPN provider denies any involvement.

The company in the spotlight, ActMobile Networks, operates several VPN brands, including Dash VPN and FreeVPN.org, but has told research firm Comparitech involved that it does not maintain databases and is not responsible for them.

When choosing a VPN, it is imperative to choose one that does not keep a record or log of your data. Anyone who does this could view or sell your data, and if it is ever disclosed, that data could be publicly paid out to millions.

What did Comparitech’s research show?

Security firm Comparitech claims to have discovered an exposed database in early October that contained over 100 GB of data and 300 million records in various forms.

The compromised data included 45 million user records that included email addresses, encrypted passwords, full names, and usernames; 281 million user device records including IP address, country code, device and user ID; and 6 million sales receipts, including product purchased and receipts.

All in all, it’s a deluge of data that could potentially be used for nefarious purposes, including phishing campaigns, should it get into the wrong hands.

While the database was closed within a week of being discovered by Comparitech, the data it contained was apparently made public.

Anyone who suspects they have caught this leak should change their passwords immediately and watch out for suspicious emails that could be part of an orchestrated targeted phishing campaign.

How did ActMobile Networks react?

As is customary in the industry, Comparitech alleged that it alerted ActMobile Networks to the incident immediately on October 8th when the leaked data was discovered by Comparitech. Comparitech states that its attempts to sound the alarm have been ignored by team members, support and server administrators and eventually got in touch via Twitter.

A week later, on October 15th, Comparitech reports that the database has been closed. Unfortunately, a few weeks later, on November 1st, the data was leaked into hacker forums.

When Comparitech contacted ActMobile Networks, it received a response that it did not maintain databases:

“We don’t maintain databases, so anything referenced is wrong. In addition, we will take action if you write about us. ”- ActMobile’s reaction to Comparitech

According to Comparitech, the data did not come from ActMobile, but from someone who tried very hard to mimic it. The compromised server’s SSL certificate shows it belongs to actmobile.com, the WHOIS record for the IP address where the data was located is listed as owned by ActMobile Networks, and the database contained multiple references to the VPN -Marks from ActMobile.

Again, it’s worth noting that ActMobile has refused to hold databases and continues to deny being the source of the compromised data.

Choosing the right VPN

The conclusion that a VPN has been compromised is grave as VPNs can be used to hide personal information or sensitive data that, if exposed, could make users extremely vulnerable.

For this reason, we only recommend VPNs that don’t keep logs. ActMobile claims that its own brands don’t maintain databases, but since we haven’t tested any of their products we can’t comment on that. However, we can speak with authority about the VPN services we have tested.

What we found from our research is that many free VPNs are not what they appear to be. Sure, they’re “free” to the user, but even if you don’t hand out cold money, the company is somehow squeezing revenue out of you, be it by selling your data or even by sharing your bandwidth, as it does Case with Hola.

If you want a good, secure VPN that won’t keep logs and compromise your data, you’ll have to pay for it. Fortunately, they’re not expensive, and you could end up paying just a few dollars a month for a solid VPN that won’t get you in hot water. We have listed some of our recommendations below:


Source link

Share.

Leave A Reply