21 million records were leaked on Telegram, exposing the email addresses and hashed passwords of the users of several VPNs.
The SQL dump was posted on Telegram on May 7th, 2022.
The dump, exposing users from several VPN services including GeckoVPN, SuperVPN, and ChatVPN, was initially offered for sale on the dark web back in 2021. It is now posted for free on Telegram.
The file, a Cassandra database dump, is dated 2021-02-25.
Note that we reported
a leak affecting SuperVPN back in 2020, but it seems that the released information is different from our previous report.
The breach contains 21 million records, counting for 10 GB of data, exposing about 21 million people (the records appear to be unique).
Overall, the database contains:
- Email addresses
- Usernames
- Full names
- Country names
- Randomly generated password strings
- Billing details
- Premium status and validity period
It appears that the passwords were either hashed and salted or random, without collision. This means each password hash is different, making them harder to crack.
99.5% of the email addresses were Gmail accounts, which is much higher than the average percentage. This may also mean the group who leaked the dump shared a subset of the data and not the full dump. It is important to note that for ethical reasons, we do not keep the data. We only keep a sample for the purpose of our research.
GeckoVPN, SuperVPN, and ChatVPN are all free
VPN service providers.
