Free VPN reportedly exposed 25 million user records — here’s the culprit

A free VPN app on the Google Play Store exposed 25 million user records, including 18.5GB connection logs that could lead to threat actors finding out a user’s email address, location, and more.  

Discovered by Cybernews, free VPN service BeanVPN left over 25 million records open to the public, with Play Service IDs, IP addresses, connection timestamps and even user devices made publically available. The information was spotted on ElasticSearch, a free and open search and analytics engine, but the report states the search instance is now closed. 

The BeanVPN app has more than 50,000 downloads on the Google Play Store, and is developed by IMSOFT. It isn’t available on the App Store, but Android phone users should be aware.

What’s worse, the company’s privacy policy states: “we do not collect logs of your activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, i.e., no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.”

The BeanVPN website has no information about the app, and instead promotes a “TeleFly for Telegram” app for MTProto proxy servers for Telegram. Cybernews reached out to the BeanVPN developer, but there has been no response. 

(Image credit: BeanVPN)

“The information found in this database could be used to de-anonymize BeanVPN’s users and find their approximate location using geo-IP databases,” Cybernews security researcher Aras Nazarovas stated. “The Play Service ID could also be used to find out the user’s email address that they are signed in to their device with.” 

Free VPNs can be risky

A VPN provides anonymity when browsing on public Wi-Fi, bypasses region-restricted websites, and keeps your online activity encrypted. By exposing user records, BeanVPN can’t be used as a trusted service. Many free VPN options use weak encryption so attackers can easily access them, or worse, the VPN service can log your data and sell it off.

While they offer the ability to get past censored sites in a region, free VPN services can lead to leaked information that can be used to find out your real IP address and ID, meaning threat actors can find out your location and your email address. Some free VPNs are more trusted than others, including Hide.me VPN and Windscribe, but it’s always a good idea to check their privacy policy, reviews, and potential news on leaked data.

The best VPN services require a fee, but they are known for their tight security and fast speeds. For a better look at what you can use a VPN for, check out these five reasons why you need a VPN. 

Today’s best ExpressVPN deals



Source

About the Author: wp4laptop

You might like

Leave a Reply

Your email address will not be published. Required fields are marked *