Several Android VPN hacked, data of 21 million users online

[German]Security researchers from Cybernews have found a data leak. Three of the largest Android VPNs has been hacked and the data of 21 million users has recently been put up for sale online. 

Advertising security researchers informed me a fews days ago about the hack and this data leak. A user on a popular hacker forum is selling three databases with a total of 21 million records that allegedly contain user credentials and device data that were grabbed from three different Android VPN services.

According to this Cybernews report, the VPN services whose data the hacker allegedly exfiltrated are SuperVPN, which is considered one of the most popular (and dangerous) VPNs on Google Play, with over 100,000,000 installs on the Play Store. Furthermore, GeckoVPN (10,000,000+ installs) and ChatVPN (50,000+ installs) were hacked..

What data is public?

According to security researchers, personal data of the VPN's users was captured in this hack. This data includes:

  • Email addresses
  • User names
  • Full names
  • Country names
  • Randomly generated password strings
  • Payment related data
  • Premium membership status and its expiration date

Based on the samples that the security researchers were able to view from the archive, the collection also appears to contain information about user devices. This data includes:

  • Serial numbers of devices
  • Phone types and manufacturers
  • Device IDs
  • IMSI numbers of the devices

The forum user is thus selling highly sensitive device data and login credentials – email addresses and randomly generated strings used as passwords – of more than 21 million VPN users for an undisclosed sum. Security researchers have reached out to SuperVPN, GeckoVPN and ChatVPN to ask the providers if they can confirm the authenticity of the leak. However, so far there seems to have been no responses. Cybernews' investigation of this leak is still ongoing, however, and the security researchers plan to update their article here as soon as new findings are available.


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *