Jump to content
Sign in to follow this  
Nytro

VPN firm that claims zero logs policy leaks 20 million user logs

Recommended Posts

VPN firm that claims zero logs policy leaks 20 million user logs

JULY 16TH, 2020  SUDAIS ASIF 
Sudais Asif
by Sudais Asif
on July 16th, 2020

The VPN company in the discussion is a Hong Kong-based UFO VPN owned by Dreamfii HK Limited.

Perhaps, the most ironic moments in the cybersecurity world occur when those who promise to protect your online privacy cannot guard their own turf. We’ve seen this happen from time to time with security firms getting hacked themselves.

Another similar case has emerged recently when the database of a Hong Kong-based VPN provider called UFO VPN was exposed with more than 20 million users logs.

 

Discovered by researchers from Comparitech on July 1st, 2020; the exposure occurred due to the database hosted on an Elasticsearch cluster being left without any password.

See: PureVPN claimed it does not keep logs, yet it provided user logs to the FBI

Worth 894 GB, the data allegedly included plaintext passwords, IP addresses, timestamps of user connections, session tokens, information of the device, and OS being used along with geographical information in the form of tags.

 

The implications of this are pretty dangerous in that not only user accounts are at risk of being taken over by malicious actors but users can also be tracked online.

Furthermore, using the session tokens, any encrypted data that someone gains access to could also be decrypted rendering the entire concept of encryption useless in this scenario.

 

VPN firm that claims zero logs policy leaks 20 million users logs

 

This, as Comparitech has rightly pointed out, goes against the service provider’s privacy policy and the promises of a zero log policy it has communicated to its users:

UFO VPN does not collect, monitor, or log any traffic or use of its Virtual Private Network service, under any circumstances, on any platform.

See: Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

The incident was reported to UFO VPN and the database was secured yesterday on 15 July. The company, on the other hand, claims that due to the certain employee being changed because of the Coronavirus, the issue could not be identified earlier stating the following:

In this server, all the collected information is anonymous and only be used for analyzing the user’s network performance & problems to improve service quality. So far, no information has been leaked.

 

 

 

This though of course if what the company seems to be saying to mitigate the damage to its reputation with the facts clearly suggesting otherwise. For the future, hence, it remains to see if the firm improves its security practices and how many users jump ship. Users of the provider are suggested to immediately change their account passwords as they may be at risk.

 

 

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

 

Sursa; https://www.hackread.com/vpn-firm-zero-logs-policy-leaks-20-million-user-logs/

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...