Avoid These VPNs Without Registration That Have Leaked Data to Millions of Users
We wish we didn’t need VPNs, but they can be a necessary part of a balanced breakfast of data security. ISPs, governments, advertisers, and even individuals who want to know what you are doing on the Internet can find ways to easily track your browsing data. VPNs complicate this (but hardly impossible) by obfuscating your connection through a proxy server. They cannot hide you from everyone , but they are a valuable privacy tool, unless they are responsible for leaking your data.
Cybersecurity firm Comparitech reports that UFO VPN user database is leaked daily due to poor security. The firm reported the UFO VPN leak on July 1. Comparitech reports that the database contains:
- Account passwords
- VPN Session Secrets and Tokens
- The IP addresses of both user devices and the VPN servers to which they are connected.
- Connection time stamps
- Geo-tags
- Device and OS characteristics
- URLs that look like domains from which ads are injected into users’ free web browsers.
Most of this data is stored in easily readable text files, but the database was not secured or encrypted. It didn’t even need a password to access. The number of accounts affected is unknown, but it is possible that all UFO VPN users have leaked at least some of their data; the database opened over 20 million user logs per day. Worse, UFO VPN used the same codebase and setup as a number of other generically named Android VPN apps, with some having up to one million individual installations. These additional apps, according to Android Police, include:
- Fast VPN
- Free VPN
- Super VPN
- Flash VPN
- Secure VPN
- Rabbit VPN
What to do if your information is leaked
If you’ve used any of these VPNs, change your account details as a minimum. Update any other accounts using the same passwords – get unique passwords already – and turn on two-factor authentication for whatever services you can. Use Have I Been Pwned to check for potential tradeoffs and update your passwords as needed.
I don’t blame anyone for leaving UFO VPN after this debacle. This leak puts users at risk and undermines their credibility and, frankly, the VPN market in general . Lots of VPNs make the same no-registration promise as UFO VPNs, and it is now perfectly justifiable to question whether they are telling the truth. It’s worth taking the time to find a VPN you trust more than ever.
But don’t think VPN is a lost cause. As I said earlier, they are part of a good data protection strategy. For the highest possible level of security, you need more than just a VPN – even a reliable one.
We are obviously big fans of encrypted password managers , but you can also increase your privacy with a suitable web browser and / or its add-ons . You can also enable DNS over HTTPS if your browser or device operating system allows it, as it also helps hide your web traffic from third-party peer-to-peer networks. While no system is reliable, a well-thought-out combination of these strategies can greatly simplify recovery from a data breach.