Seven VPN firms claiming No Logs leaks 1.2TB of data and 20M user logs

[upnorth]

Content source

https://www.hackread.com/vpn-firm-zero-logs-policy-leaks-20-million-user-logs/

The VPN company in the discussion is a Hong Kong-based UFO VPN owned by Dreamfii HK Limited.

Perhaps, the most ironic moments in the cybersecurity world occur when those who promise to protect your online privacy cannot guard their own turf. We’ve seen this happen from time to time with security firms getting hacked themselves. Another similar case has emerged recently when the database of a Hong Kong-based VPN provider called UFO VPN was exposed with more than 20 million users logs. Discovered by researchers from Comparitech on July 1st, 2020; the exposure occurred due to the database hosted on an Elasticsearch cluster being left without any password.

Worth 894 GB, the data allegedly included plaintext passwords, IP addresses, timestamps of user connections, session tokens, information of the device, and OS being used along with geographical information in the form of tags. The implications of this are pretty dangerous in that not only user accounts are at risk of being taken over by malicious actors but users can also be tracked online. Furthermore, using the session tokens, any encrypted data that someone gains access to could also be decrypted rendering the entire concept of encryption useless in this scenario.

VPN firm that claims zero logs policy leaks 20 million user logs

Follow us on Twitter @HackRead

www.hackread.com

 

[ForgottenSeer 85179]

Typical VPN provider.
Users need to understand this in hard way as nobody know or want know for what VPNs are.

 

[Vitali Ortzi]

Typical VPN provider.
Users need to understand this in hard way as nobody know or want know for what VPNs are.

It's just marketing that got people paying a monthly fee to slow their internet downand to route their traffic including all embarrassing suff .
Seriously paying for MITM XD
Consumers nowadays.

 

[upnorth]

In this case, there seem to be at least seven VPN providers whose customer data was leaked, completely contrary to their marketing claims of 'no logging.'

Seven 'no log' VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Maybe it was the old Lionel Hutz play: 'No-logging VPN? I meant, No! Logging VPN!'

www.theregister.com

 

[blackice]

Seven 'no log' VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Maybe it was the old Lionel Hutz play: 'No-logging VPN? I meant, No! Logging VPN!'

www.theregister.com

For the Algo suggestion I would say that I tried it and liked it quite a bit. Learned a bit of Linux along the way.

 

[TairikuOkami]

Honesty is the way to gain trust, they just have to admit it. Like DNS providers: We do not log! Yet they keep logs for 48 hours for security reasons (DDoS).

 

[Fuzzy_Bunny]

VPNs are useful only for bypass geo restrictions. Privacy and anonymity is pure BS

 

[brambedkar59]

"Secure VPN" " FAST VPN" Ohh the Oxymorons

 

[klepto]

TBH, I don't even know what is the alternative for a vpn would be. Possibly DoH and hope https keeps you safe?

 

[Fuzzy_Bunny]

If you talk about privacy disconnect from internet, stop using phones and TVs.
You will never be anonymous on internet, no matter what you do.
Just accept that and stop thinking and looking for solutions

 

[blacksheep]

Anyone still using free VPN's should read my guide Q&A - How to choose VPN provider | Guide by blacksheep

Anyways, this leak and VPN provider is just disgusting.

 

[ForgottenSeer 85179]

TBH, I don't even know what is the alternative for a vpn would be. Possibly DoH and hope https keeps you safe?

Alternative for what? What want you protect?

Also "hoping" that https is safe isn't needed. The protocol is safe.

 

[Thales]

The name is UFO VPN and originally from Hong Kong. lol. no thanks.

 

[enaph]

"No logs" VPN's are just like "100% detection rate" AV's - just a marketing gibberish

 

[TairikuOkami]

TBH, I don't even know what is the alternative for a vpn would be. Possibly DoH and hope https keeps you safe?

Encrypted DNS/searches, VPN will help you to gain some privacy from ISP, MITM and from the local government, but if they want to spy on you, they will.

 

[ForgottenSeer 85179]

VPN will help you to gain some privacy from ISP, MITM and from the local government,

Doesn't matter as the VPN do the same. So in best case, you only switch your trust from ISP to VPN. In normal case, the VPN just add another attack surface and MITM increasing.

 

[Cortex]

Though these VPN's have shown themselves to be untrustworthy, it don't mean that all VPN's also lie about there data retention - The issue is Free, Cheap & VPN cannot exist in the same sentence - There are many threads with i want a good free VPN, AV, whatever - People today want something esp in PC program for nothing & with a VPN server space & bandwidth are not cheap or free - There are some VPN's I trust to a degree, IVPN, ExpressVPN. Mullvad, Perfect Privacy for example.

The problem is none of these are anything like cheap - If you disdain VPN's & feel this latest revelation is amusing or even funny that's sad., your ISP could be less than trustworthy also? If you want a VPN be prepared to pay in excess of £100 a year minimum (I do)

@security123 - You obviously dislike any VPN & use every opportunity to point this out, I disagree with you totally - Pointless discussing it as it's been done 100s of times? You seem obsessed with attack surfaces, are you wanted by many governments?

 

[CyberTech]

@security123 - You obviously dislike any VPN & use every opportunity to point this out, I disagree with you totally - Pointless discussing it as it's been done 100s of times? You seem obsessed with attack surfaces, are you wanted by many governments?

Spoiler

 

[ForgottenSeer 85179]

Spoiler

Can I use that picture as my Avatar?

 

[CyberTech]

Can I use that picture as my Avatar?

Sure that will be 20$ monthly, Our admin email: ILoveMT4ever@malwaretips.com