The providers, who claimed not to keep any logs of their users’ online activities, left 1.2 terabytes of private user data exposed. The data, found on a server shared by the services, included the Personally Identifiable Information (PII) of potentially as many as 20 million VPN users.
Amer Owaida from ESET’s Welivesecurity, says the report calls into question the providers’ security practices and dismisses their claims of being no-log VPN services.
"Besides the personal details, which included the users’ email and home addresses, clear text passwords, and IP addresses, the server was also found to store several instances of internet activity logs, which casts doubt on the providers’ claims about strict no-logs policies," he explains.
UFO VPN, FAST VPN, FREE VPN, SUPER VPN, Flash VPN, Secure VPN, and Rabbit VPN are all implicated in the incident.
See 7 VPN services leaked data of 20 million users – report
The report calls into question the providers’ security practices and dismisses their claims of being no-log VPN services.