Privacy “Exposed”: User data of Millions of VPN users hacked


Hey! How does it feel if a privacy network “steals” your privacy? Yeah, trust me this happened. A user from a famous hacker platform is reportedly selling data containing sensitive information such as device details as well as user credentials. These details have been stolen from three types of VPN services for Android- ChatVPN, GeckoVPN, and SuperVPN. A total of records of 21 million users have been sold up till now.

The data has been reportedly extracted by the hacker from the VPN service, SuperVPN. SuperVPN is known as one of the most dangerous and most popular VPNs on the Play store. The tool has been installed 100,000,000 times on the Play store. On the other hand, GeckoVPN has been downloaded over 10,000,000 times while ChatVPN has been downloaded more than 50,000 times.

The user of the hacker platform is selling personal data which includes arbitrarily generated strings such as passwords as well as email addresses of over 21 million VPN users for an unknown sum of money.

All three service providers were approached to know the heart of the matter. However, the service providers could not confirm the genuineness of the leak and no responses could be received in this regard as such.


What do they know now?

You must be wondering what kind of data must have been revealed. The following details about millions of users have been allegedly leaked:

  • Usernames
  • Full names
  • Email addresses
  • Randomly generated password strings
  • Country names
  • Premium member status and its expiration date
  • Payment-related data

The author of the post has also offered to sort and organize the data according to the country. The arbitrary password strings have revealed that links might be present between the VPN user accounts and Google Play Store accounts suing which the users installed the VPN apps.

The hacker forum provided the following information regarding the device of the VPN user which includes device IMSI numbers, device IDs, phone manufacturers, phone types, and device serial numbers.

The hacker asserts that the data was extracted from publicly available databases. These databases were left vulnerable as the developers leave behind the default database credentials. If this is true and proved then this is a problem of massive concern as GeckoVPN, ChatVPN, and SuperVPN put at risk the user data and privacy.

So next time you choose a VPN, ensure that your online activities or other data are not being tracked.


Please enter your comment!
Please enter your name here