Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database containing over 360 million records associated with SuperVPN. The publicly exposed records contained email addresses, device information, and even references to sites that users visited.

Two apps named SuperVPN are listed under separate developers on both Google Play and Apple’s App Store. SuperVPN for iOS, iPad, and macOS is credited to the developer Qingdao Leyou Hudong Network Technology Co., whereas the second app of the same name is developed by SuperSoft Tech.

Fowler also found references within the database to a company named Changsha Leyou Baichuan Network Technology Co., as well as mentions of Qingdao Leyou Hudong Network Technology Co. All appear to have connections to China, and notes inside the database were in the Chinese language.

What the leak exposed:

  • 360,308,817 total records exposed with a size of 133 GB.
  • The records contained sensitive information, including user email addresses, original IP addresses, geolocation, and records of servers used. Additionally, the records also contained what appeared to be secret keys, Unique App User ID numbers, and UUID Numbers (a Universally Unique Identifier is a 36-character alphanumeric string that can be used to identify further information).
  • Additional information in the records included phone or device model, operating system, internet connection type, and VPN application version.
  • Refund requests from users who either purchased the product or were charged.
  • Links to websites that the app users visited, which could identify their activity and pose a privacy threat to users who expect a reasonable degree of security.

The same SuperVPN customer support emails were also linked to Storm VPN, Luna VPN, Radar VPN, Rocket VPN, and Ghost VPN (not to be confused with CyberGhost VPN). In addition, references to these VPN provider names were found inside the database. At this point, it is not possible to determine if these VPNs are owned by the same company, yet we can assume they are somehow related.

According to the customer support page of the app developed by Qingdao Leyou Hudong Network Technology Co.: “SuperVPN keeps no logs which enable interference with your IP address, the moment or content of your data traffic. We make express reference to the fact that we do not record in logs communication contents or data regarding the accessed websites or the IP addresses”. However, this data exposure appears to contradict this privacy guarantee. It should be noted that the application permissions allow the VPN to access the device’s files, images, and other device information.

Here are a few drawbacks of using a free VPN

No VPN provider will offer its services totally free for an unlimited amount of time. If you are not paying with money, then rest assured that you are paying in other ways. The same situation was observed in the Facebook-owned Onavo VPN case. Here are some drawbacks of using free VPN services.

Tracking Your Online Activities and Selling It

A VPN encrypts and tunnels your data so your ISP cannot see what you are doing online. This means ISPs can’t keep track of you, but the VPN provider can. Free VPNs collect user data through tracking libraries, which they can sell for advertising and analytics to some other agency. Betternet’s free VPN app was found to contain 14 different tracking libraries.


Malware & Ransomware

Injecting malware into your device is one of the common traits of free VPNs. Such malware can be used to steal sensitive information from your device or to encrypt your data as evidenced by recent ransomware attacks.

Bandwidth Stealing

Free VPNs might also be stealing your bandwidth and selling it to other organizations. Would you like your PC resources to be used to move traffic on the internet? Apparently, Hola VPN did it. Israel-based Hola was found to be stealing bandwidth from users and then reselling it through its sister company Luminati. You can read this article to learn how Hola duped its customers.

Hijacking The Browsers

This refers to redirecting your browser to websites without your permission. HotspotShield free VPN promises its users shielded connections, security, privacy enhancement, and ad-free browsing. However, the CSIRO study found that HotspotShield redirects user traffic to Alibaba.com and ebay.com through its partner networks Conversant Media and Viglink, respectively.

Here’s Why You Should Choose ExpressVPN

ExpressVPN, which comes highly rated by users and reviewers, works on devices including Windows, Android, iOS, Linux, and routers. Based in the British Virgin Islands, it costs around $6.67 a month if you take out a 12-month plan. With a network of more than 2,000 servers in 94 countries, Express offers top-notch coverage in Europe and the US. It also works pretty well in Asia, South America, the Middle East, and Africa. It uses its own DNS servers and employs high-end encryption tech to ensure your security and privacy.


ExpressVPN offers access to more than 3,000 servers in 160 locations across 94 countries, alongside maybe the widest platform support you’ll find anywhere.

We’re not just talking about native clients for Windows, Mac, Linux, plus iOS, Android, and even BlackBerry. There’s a custom firmware for some routers, DNS content-unblocking for a host of streaming media devices and smart TVs, and surprisingly capable VPN browser extensions for anything which can run them.

All that functionality could sound intimidating to VPN newbies, but ExpressVPN does more than most to help. An excellent support website is stuffed with detailed guides and tutorials to get you up and running. And if you do have any trouble, 24/7 live chat support is on hand to answer your questions. It really works, too – we got a helpful response from a knowledgeable support agent within a couple of minutes of posting our question.

The good news continues elsewhere, with ExpressVPN delivering in almost every area. Bitcoin payments? Of course. P2P support? Yep. Netflix unblocking? Naturally. Industrial-strength encryption, kill switch, DNS leak protection, solid and reliable performance and a clear no-logging policy? You’ve got it.

Downsides? Not many to speak of. The ExpressVPN service supports five simultaneous connections per user (increased recently from three), and it comes with a premium price tag. But if you want a speedy service, crammed with top-notch features, and with all the support you need to help you use them, ExpressVPN will be a great fit. While they don’t have a free trial, ExpressVPN has a no-questions-asked 30-day money-back guarantee if you aren’t happy with the service.
