Gandalf_The_Grey
More than 300 million records containing the personal information of VPN users were exposed on the web without a password, Comparitech researchers report. 45 million of the records included user account info such as email addresses, full names, and encrypted passwords.
Based on our findings, ActMobile Networks Inc appears to be the owner of the data. The company operates Dash VPN, FreeVPN.org, and Dash Net Accelerated VPN, among others. However, ActMobile denied ownership of the data, saying it “does not maintain databases” in an email response to Comparitech.
Timeline of the exposure
Here’s what we know happened:
- October 6, 2021 – The database was indexed by search engines.
- October 8, 2021 – Diachenko discovered the exposed data and immediately alerted ActMobile per our responsible disclosure policy. The company did not respond to any of our attempts to contact ActMobile support, team members, domain registrants, and server administrators. After multiple failed attempts to contact the company privately, Diachenko sent an alert on Twitter.
- October 15, 2021 – The database was closed.
- November 1, 2021 – The data was leaked on hacker forums.
The data was exposed for at least a week in total and has since been uploaded to hacker forums. Our honeypot experiments show attackers can find and steal unprotected data in a matter of hours, so users can assume the worst.