25 million free VPN user records exposed from BeanVPN

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Free VPN software left more than 18GB of connection logs accessible to the public. Threat actors could exploit the database to identify and even locate its users.

The Cybernews team discovered an open database containing 18.5GB connection logs generated by the BeanVPN app.

The dataset contained over 25 million records, including user device and Play Service IDs, internet protocol addresses (IPs), and connection timestamps, among other diagnostic information.

"The information found in this database could be used to de-anonymize BeanVPN's users and find their approximate location using geo-IP databases. The Play Service ID could also be used to find out the user's email address that they are signed in to their device with," said Aras Nazarovas, Cybernews security researcher.

The ElasticSearch instance our team discovered during a routine checkup is now closed. Cybernews repeatedly reached out to BeanVPN developer company IMSOFT for a comment but had not received a reply at the time of writing.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top