SuperVPN is not so great: 360 million user records leaked
Popular VPN service SuperVPN turned out to be a data farm in disguise that stored and sold the personal data of its users.
Jeremiah Fowler has discovered a serious security breach in a public database associated with the popular free VPN service SuperVPN. The database contained 360,308,817 records, totaling 133 GB. A wide range of sensitive information was found in these records, including user email addresses, source IP addresses, geolocation data, and server usage records.
In addition, the leak revealed secret keys, unique app user numbers, and UUIDs that can be used to identify additional useful information.
Other information found in the database covered phone or device models, operating systems, internet connection types, and VPN app versions. In addition, the leak included requests for a refund and data on paid accounts.
Although SuperVPN claims not to store user logs, the leak shows otherwise, which contradicts the company's own policy. It also goes to show that “Almost every major free VPN service is a data farm in disguise.”
With growing concerns about online privacy and security, the demand for VPN services has increased in recent years. As a result, the market has witnessed a significant increase in the number of VPN applications available to users.
However, this surge in offerings has resulted in an alarming number of VPN apps that are unreliable and don’t provide the level of privacy and security users expect. The result is counterproductive for users, as the lack of adequate security protocols puts their information at risk of being lost through a data breach.
According to vpnMentor’s report, most of the entries in the data breach were related to SuperVPN, a free VPN app available from both the Apple App Store and the Google Play Store.
In addition, the researchers noted two apps called SuperVPN, each owned by a different developer. Qingdao Leyou Hudong Network Technology Co. was the developer of SuperVPN for iOS, iPad, and macOS, while SuperSoft Tech developed a second app of the same name.
However, it is important to note that this is NOT the first time SuperVPN has been accused of leaking the personal data of its unsuspecting users. In fact, as SecurityLab.ru reported in May 2022, SuperVPN was on the list of free VPN services which leaked the data of more than 21 million users.
In a vpnMentor report, Fowler noticed that SuperVPN customer support email addresses were associated with StormVPN, Luna VPN, RocketVPN, and GhostVPN. In addition, links to each of these VPN providers were seen in the database.
While there is no way to confirm that they are all owned by the same company, it wouldn’t come as a surprise if that were the case. The proliferation of unreliable VPN applications can be attributed to profit-seeking developers looking to capitalize on the growing demand for confidentiality and security.
The VPN industry has become highly lucrative with millions of users around the world looking to find reliable solutions to secure their online presence. In this situation, some developers prioritize monetary benefits over user security by focusing on fast and cheap development, marketing and distribution of VPN applications.
Therefore, producing several VPN applications with different names and slightly different functionality allows one company to reach more users.
When choosing a free VPN service, you need to be careful and consider certain red flags that indicate potential risks. These include:
Unclear data collection and use policies: Make sure the VPN service does not store your internet activity to avoid the risk of data being sold to advertisers or third parties.
Lack of transparency: Pay attention to the lack of an “About us” section on the VPN provider’s official website, as this may mean there is no information about who processes your data.
DNS leak protection: Make sure your VPN offers DNS leak protection to prevent your ISP from seeing your online activity.
Weak encryption: Avoid VPNs that offer encryption weaker than 128-bit or 256-bit AES, as this increases the risk of your information being compromised.
Negative feedback: Read user reviews and consult reputable review sites to gauge the experiences and concerns of other users before choosing a VPN service.
The proliferation of VPN applications creates both opportunities and challenges for users seeking privacy and security in their online activities. While the market offers a wide range of reliable VPN solutions, the growing number of untrusted applications requires caution and informed decisions.
By understanding the factors that contribute to VPN oversupply, identifying the risks associated with their use, and implementing measures to mitigate those risks, users can make more informed choices to protect their online privacy and security.