Read more: https://www.vpnmentor.com/blog/vpn-leaks-found-3-major-vpns-3-tested/
"We tested 3 popular VPNs: Hotspot Shield, PureVPN, and Zenmate with accredited researchers to find if the VPNs could leak data.
We regretfully found that all of them leak sensitive data.
On the positive side, after we contacted the VPN vendors, we saw Hotspot Shield was fast to respond and release a patch within days. We are still waiting to hear from the other two VPN vendors, and have decided to publish the information in hope that they will hurry up and fix the underlying issues for the benefit of their users."
Hotspot Shield vulnerabilities (PATCHED)
Hotspot Shield response
PureVPN response
ZenMate response
via Privacy: Hotspot Shield, PureVPN, and ZenMate found to leak sensitive data
"We tested 3 popular VPNs: Hotspot Shield, PureVPN, and Zenmate with accredited researchers to find if the VPNs could leak data.
We regretfully found that all of them leak sensitive data.
On the positive side, after we contacted the VPN vendors, we saw Hotspot Shield was fast to respond and release a patch within days. We are still waiting to hear from the other two VPN vendors, and have decided to publish the information in hope that they will hurry up and fix the underlying issues for the benefit of their users."
Hotspot Shield vulnerabilities (PATCHED)
- CVE-2018-7879 meant that the Hotspot Shield Chrome extension could be used to hijack traffic
- CVE-2018-7878 leaked sensitive data
- CVE-2018-7880 was the most serious, leaking the real IP address of users
- Similar issues, but no details revealed due to the risk posed to users
Hotspot Shield response
"The researchers hired by vpnMentor did not find any vulnerabilities in the mobile or desktop versions of Hotspot Shield. The vulnerabilities they reported were present only in the free Chrome plug-in. Neither mobile nor desktop users of the Hotspot Shield app were affected by these vulnerabilities. We appreciate and commend vpnMentor’s initiative to improve the security of consumer VPN applications, and look forward to seeing more research from their side involving more VPN products in the near future.”
PureVPN response
"The Firefox browser, by default, has an inherent limitation where it makes it almost impossible to identify and differentiate remote and local hosts. Our intention was to allow users the freedom to access all local domains conveniently while using our extension.
The tests that were carried out were not on PureVPN's latest Firefox extension build, since it has already been patched.
The Firefox store clearly shows that our extension was last updated on March 07, 2018, and this update included the fix for the above mentioned issue."
The tests that were carried out were not on PureVPN's latest Firefox extension build, since it has already been patched.
The Firefox store clearly shows that our extension was last updated on March 07, 2018, and this update included the fix for the above mentioned issue."
ZenMate response
Awaiting comment
via Privacy: Hotspot Shield, PureVPN, and ZenMate found to leak sensitive data