Database with millions of data of VPN users unprotected on the Internet (Oct. 2021)

Sicherheit (Pexels, allgemeine Nutzung)[German]Anyone who uses VPN providers must be able to rely on their security and integrity. Security researcher Bob Diachenko of comparitech has recently come across an unprotected database (no password) on the Internet containing more than 300 million records with the personal data of VPN users. The records have since been traded on underground forums, and the operator of a VPN service denies maintaining a database. But a week after the company was notified, the database had disappeared from the Internet.


I came across the issue in question the days via subsequent tweet by Bob Diachenko. The leak was documented by Paul Bischoff on the Comparitech blog in the post Who owns this huge database of leaked VPN user details?

VPN database leaked

On October 6, 2021, the database was indexed by search engines; Bob Diachenko came across the unprotected database publicly accessible on the Internet on October 8. The database contained more than 300 million records with personal information of VPN users. 45 million of the records contained information about user accounts such as email addresses, full names and encrypted passwords.

According to Comparitech's findings, ActMobile Networks Inc. appears to be the owner of the data. The company operates Dash VPN, and Dash Net Accelerated VPN, among others. However, ActMobile denied owning the data, stating in an email response to Comparitech that it "does not maintain any databases."

Comparitech took additional steps to verify the legitimacy of the data. It was able to confirm that at least one user from the database had an account with Dash VPN. However, the database was then taken offline on October 15, 2021, and disappeared from the Internet.

The data has since surfaced on hacker forums, increasing the risk of attacks on users. The exposed data poses a serious risk to users whose personal information was exposed. The data could be used for phishing attacks and, if passwords are compromised, to take over accounts and fill in credentials. The data could also be used to track VPN users based on the IP addresses of their devices.


More details can be found in the original post. Fits with the post Former malware distributor buys ExpressVPN, CyberGhost etc., that I published here on the blog a few days ago.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *