05 Mar, 2021

Data of 21 Million Users Available on Android VPN Providers

It has been determined that Android VPN providers SuperVPN, GeckoVPN and ChatVPN services are exposed to data breaches that cause user data to be compromised. A user on a popular Hack forum has put up for sale three databases containing 21 million user records that he claims he has hacked from three Android VPN services.

VPN services whose data is allegedly stolen by hackers are the most popular VPN apps on Google Play.
GeckoVPN is SuperVPN with 1,000,000+ downloads and ChatVPN has over 50,000 uses.
SuperVPN, GeckoVPN and ChatVPN have been contacted, but the providers have not yet made a statement regarding the breach.
It allegedly contains various data that appears to have been collected from SuperVPN, GeckoVPN, and ChatVPN user.

The data alleged to contain
⦁ Email addresses
⦁ Usernames
⦁ Real names
⦁ Country names
⦁ Randomly generated password strings
⦁ Payment related data Premium member status and expiration date

Based on the examples we saw from the second archive, it appears to contain user device information, including:

⦁ Device serial numbers
⦁ Phone types and manufacturers
⦁ Device IDs Device IMSI numbers

Lessons to be learned

VPN users need to be careful, because companies that offer “invisibility” and “security” to users with VPN, not the user, can also encounter incidents such as data leaks and hacking (even the largest and most reliable companies)

Measures that users can take;
1) Delegate as little as possible to applications.
2) Take regular backups.
3) Being informed as quickly as possible when their data leaks, using threat intelligence services.
4) Update all passwords as fast as possible when there is a leak.

Source
cybernews.com


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram