VPN services are mushrooming across the globe, and their offers are getting more and more aggressive. In a highly competitive market, some providers try to stand out on price, others on the services they offer.
Some therefore advertise a “zero log” policy to differentiate themselves and give users an additional layer of security. The promise is simple: while the VPN is in use, no trace of user activity is stored and, in theory, no history is created, which ensures an added layer of anonymity…
Bad news: security researcher Bob Diachenko has nevertheless got his hands on more than a terabyte of logs belonging to users of VPN services that guaranteed zero logs. The data was also publicly accessible on an Elasticsearch server, and the flaw reportedly concerns 7 VPN providers.
UFO VPN is the first provider concerned, with 894 GB of log data showing user account passwords, IP addresses, preferred servers, and even the identifiers of the services accessed through the VPN, as well as the domain names visited. The file reportedly brings together 20 million unencrypted entries, i.e. all subscribers to the provider’s service…
Six other providers, all located in Hong Kong, have also been singled out for similar exposures: Fast VPN, Flash VPN, Free VPN, Rabbit VPN, Secure VPN and Super VPN. In total, 1.2 TB of logs were thus retrieved from the web, having been available online for an unknown period.