It has been determined that Android VPN providers SuperVPN, GeckoVPN and ChatVPN services are exposed to data breaches that cause user data to be compromised. A user on a popular Hack forum has put up for sale three databases containing 21 million user records that he claims he has hacked from three Android VPN services.
VPN services whose data is allegedly stolen by hackers are the most popular VPN apps on Google Play.
GeckoVPN is SuperVPN with 1,000,000+ downloads and ChatVPN has over 50,000 uses.
SuperVPN, GeckoVPN and ChatVPN have been contacted, but the providers have not yet made a statement regarding the breach.
It allegedly contains various data that appears to have been collected from SuperVPN, GeckoVPN, and ChatVPN user.
The data alleged to contain
⦁ Email addresses
⦁ Usernames
⦁ Real names
⦁ Country names
⦁ Randomly generated password strings
⦁ Payment related data Premium member status and expiration date
Based on the examples we saw from the second archive, it appears to contain user device information, including:
⦁ Device serial numbers
⦁ Phone types and manufacturers
⦁ Device IDs Device IMSI numbers
Lessons to be learned
VPN users need to be careful, because companies that offer “invisibility” and “security” to users with VPN, not the user, can also encounter incidents such as data leaks and hacking (even the largest and most reliable companies)
Measures that users can take;
1) Delegate as little as possible to applications.
2) Take regular backups.
3) Being informed as quickly as possible when their data leaks, using threat intelligence services.
4) Update all passwords as fast as possible when there is a leak.
Source
cybernews.com
