![]() So far, no information has been leaked.” īut based on some sample data, we do not believe this data to be anonymous. “In this server, all the collected information is anonymous and only be used for analyzing the user’s network performance & problems to improve service quality. “We don’t collect any information for registering,” the spokesperson said. More than two weeks after we sent a disclosure to UFO VPN, the company shut down the database and responded by email, “Due to personnel changes caused by COVID-19, we’ve not found bugs in server firewall rules immediately, which will lead to the potential risk of being hacked. UFO VPN claims to have 20 million users on its website, and the database exposed more than 20 million logs per day. It’s not clear how many users are affected, but our findings suggest that potentially all users who connected to UFO VPN at the time of exposure could be compromised. This dataset, which we believe was exposed a second time by UFO VPN, was even bigger and contains records as recent as July 19. Update July 21, 2020: After the exposed data had been secured, it resurfaced a second time on July 20 at a different IP address. He immediately alerted the company upon discovering the exposed data on July 1, 2020. The exposed information includes plain text passwords and information that could be used to identify VPN users and track their online activity.īob Diachenko, who leads Comparitech’s security research team, uncovered the exposure, which affects both free and paid users of UFO VPN. Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |