VPN Security Breach Explained – Chinese VPN Providers And Data Breaches
A VPN is a series of virtual connections routed over the internet. These connections encrypt data as it travels between the user's device, web servers, and the wider internet. According to VPN testing data, most of the protocols involved, such as HTTPS, LDAPS, and NNTPS, contain built-in encryption. The recorded number of data leaks in the United States has increased significantly over the last couple of years: in 2017 there were 197.6 million cases, up from 36.6 million records in 2016. In China, seven VPN providers from Hong Kong were held responsible for violating their own privacy policies. They allegedly exposed private data belonging to their users, which is how this VPN security breach came about. The VPNs involved are Secure VPN, UFO VPN, Free VPN, FAST VPN, Rabbit VPN, Flash VPN, and Super VPN. Every one of these providers had presented itself as a no-log VPN, implying that it kept no records of any user activity in its apps.
Nonetheless, those who dug a little deeper discovered that the shared server held substantial activity log records. The information included device IDs, phone models, PII, plain text passwords, email addresses, home addresses, IP addresses, and much more. The VPN security breach allegedly encompassed site activity, connection logs, clear text passwords, payment data, and addresses. The accused companies are white labels that rebrand services derived from one common VPN provider.
A representative of UFO VPN stated that the company could not promptly lock down its data because of staff changes caused by the pandemic. It maintained that the activity logs were used only for general performance monitoring and claimed that they were anonymized. The UFO VPN statements, however, were inconsistent: the logs contained details that explicitly identified users, and the presence of logged activity discredits the claim that no logs were kept.
VPN Security Breach – Investigative Basis
Recent findings indicate that a single developer built the VPNs that leaked critical data. This was established from the following factors:
- The VPNs are hosted on the same assets
- The VPNs write to one shared Elasticsearch server
- Up to three of these VPNs have almost identical branding on their respective websites
- The VPNs share a single payment channel, Dreamfii HK Limited
From this information, it is clear that these applications are white-label VPNs from a single developer, who rebrands them under different names before releasing them to the market. UFO VPN's developer is claimed to be Dreamfii. Judging from the in-app advertisements, Dreamfii presents itself as a business marketing firm.
The same assets are also found in other services, such as Secure VPN for iOS users and Flash VPN. All of these services claim on their websites to offer military-grade encryption. They also claim to store no logs, to further strengthen users' confidence in their services. Research, however, has shown that the opposite is true.
The activity logs from these VPNs can easily be extracted, and from them one can monitor everything about a user's online activity. They expose sensitive information about the user as well as every website they may have visited. Furthermore, passwords are stored in plain text when you use these VPN services, which is not in line with military-grade security.
How Extensive Does the VPN Security Breach Run?
In a few isolated incidents it is easy to verify how far a VPN security breach has spread, and sometimes the problem can be solved quickly. In most cases, however, that is not what happens: it takes an extended investigation before the extent of the damage becomes evident, and establishing how the exposure occurred and who is responsible requires a great deal of time and attention.
It is essential that anyone affected by such a VPN security breach understands how serious it is. Since the VPNs in question were built by the same developer, the risk of exposure from their shared database is a further concern. Log information retrieved from the servers shows just how significant a threat this is to the user. The logs contain package identification data for several VPN services.
All of these apps send user information to the exposed servers using an identical template. Another point of concern is that a few of these VPNs have package names matching the URLs of applications on the Google Play Store. These apps may also have versions for both Mac and Windows.
For instance, after installing UFO VPN on a phone and connecting to any random server in the world, you can set up a new email account and enter some personal data. In the logs, you will find all of that information stored in cleartext. And not just that: you will also find your device's IP address, your location, and the servers you are using. This is sufficient confirmation that your data is live and that the database actually exists.
VPN Security Breach – Data Entry
Recent investigations have revealed that these leaky servers are still online and hold logs with recently stored entries. Further investigation shows that the data on these servers is attributed to users and systems of FAST VPN, Super VPN, UFO VPN, Rabbit VPN, Free VPN, and Flash VPN. Entries are not limited to a single VPN; they span all of the VPNs mentioned earlier.
Other forms of data found in the logs include the following.
Clear Text Passwords
The logs contain sensitive information about VPN user activity. This includes users' email addresses, the passwords they chose when opening new accounts, and the number of times they failed to log in with those credentials. The logs also record every password-change request, all in clear text.
The VPN logs also hold critical financial data, such as PayPal API links, together with the full names and email addresses used to transact on such platforms. Many users choose such a payment channel in the hope of better VPN security. Cryptocurrency users are also at risk, since their email addresses and other personal data are stored in these logs.
Technical Data and Online Activity
The exposed servers record technical details of the devices on which the Chinese VPNs are installed. Such data includes:
- Device location
- Device type and ID
- The IP address of the device
- Data on the user's web traffic, including the websites visited
- The user's Internet Service Provider
- Application version
The logs also expose the servers these VPNs use: their IP addresses and locations are readily identifiable. This renders the VPN ineffective, because a user's IP address can be extracted and their online activity traced. In countries that restrict certain websites, visiting them can lead to persecution, since the logs would confirm all of the user's online activity.
VPN Data Logs
The VPN services used the servers to hold some of their internal information. The information included logs from their Customer Relationship Management (CRM) applications. It also had details about user activity from the VPN service through the VPN provider’s platform. More data included information from speed tests as well as instances of password alterations.
Customer Support Information
The compromised servers hold logs of numerous messages sent to the customer service agents of these VPNs. Most of these messages from users centered on poor customer support and on reports of fraud linked to the VPN service provider.
Huawei User Data
Users with Huawei devices remain at significant risk of exposure. Investigations found data entries in the logs that had nothing to do with the user or their devices. Further still, reports suggested that Huawei was actively monitoring its customers in America using information relayed from the devices they had bought from the company.
Unique Personal Identification Information
The leaky servers failed to mask crucial personally identifiable information (PII), including:
- Home and work address locations of the users
- The full names of the user
- Login details of their VPN accounts such as usernames and passwords
- IP addresses of the users as well as that of the VPN servers
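The data categories described above (clear text passwords, device and traffic data, and PII) are exactly what a "no-log" backend should never persist. The following script is an added example, not code from the article or from any of the VPN providers: it audits constructed, Elasticsearch-style log documents for secret and PII fields, catches PII-shaped values stored under unexpected key names, and strips everything except operational fields. The field names and sample values are assumptions made up for the demonstration.

```python
import re

# Constructed sample documents shaped like the log entries the article describes
# (email, plaintext password, device data, client IP, visited site). Invented values.
SAMPLE_LOGS = [
    {"app": "ufo_vpn", "ts": "2020-07-01T10:22:03Z", "event": "login",
     "email": "alice@example.com", "password": "correct-horse-battery",
     "client_ip": "203.0.113.7", "device_id": "A1B2C3D4",
     "phone_model": "Huawei P30", "visited": "news.example.org"},
    {"app": "fast_vpn", "ts": "2020-07-01T10:25:41Z", "event": "speedtest",
     "server": "hk-03", "down_mbps": 42.5},
]

# Hypothetical key names; real white-label builds may differ, hence the value checks below.
SECRET_KEYS = {"password", "new_password", "old_password", "passwd"}
PII_KEYS = {"email", "client_ip", "device_id", "phone_model", "visited",
            "full_name", "home_address", "isp", "location"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def audit_record(doc):
    """Return findings for one log document; an empty list means it honours a no-log policy."""
    findings = []
    for key, value in doc.items():
        if key in SECRET_KEYS:
            findings.append(f"secret:{key}")
        elif key in PII_KEYS:
            findings.append(f"pii:{key}")
        elif isinstance(value, str) and (EMAIL_RE.match(value) or IPV4_RE.match(value)):
            # PII stored under a key name we did not anticipate, e.g. by a rebranded build
            findings.append(f"pii-shaped-value:{key}")
    return findings


def minimise_record(doc):
    """Keep only operational fields; secrets and PII are dropped outright, not hashed or masked."""
    return {k: v for k, v in doc.items() if not audit_record({k: v})}


def count_violations(docs):
    """Number of documents that would contradict a no-log claim."""
    return sum(1 for d in docs if audit_record(d))


if __name__ == "__main__":
    for d in SAMPLE_LOGS:
        print(d["app"], audit_record(d), "->", minimise_record(d))
    print("violating documents:", count_violations(SAMPLE_LOGS))
```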
VPN Security Breach – Effects of the Data Breach
Scrutiny of these statements shows that rebranded VPN products are problematic. White labels rebrand services without necessarily keeping their promises. If you are worried about your data privacy, it is best to stick to well-known brands. Brands such as Windscribe, for example, have reviews available online. Users who are particular about their data may prefer a VPN provider with a good track record.
Hong Kong is a special administrative region of China. Incidents like this carry a lot of risk in the region, as those the authorities regard as threats could leverage VPNs to get past surveillance and censorship in mainland China, and if this continues it could be hard for the administration to block them. The current problems revolve around altered login data and switched details. Meanwhile, this vast data breach exposed approximately a billion online records, affecting nearly 20 million VPN users, through an unsecured server shared by multiple VPNs. Inadequate VPN security practices may well be the reason such VPN security breaches occur.