BeanVPN Leaves Data Exposed via Publicly Available ElasticSearch Database

According to investigators at Cybernews, BeanVPN, found on the Google Play store, left around 18.5GB of collection logs exposed. Those logs contained numerous records with device IDs, Play Service IDs, connection timestamps, IP addresses, and more. Cybernews reported the database discovery after running an ElasticSearch instance, and BeanVPN has since removed the data. Prior to the removal, the information may have fallen into the wrong hands, and if so, it could be used to reveal the identity of those using the VPN service, as well as their location and email address via the Play Service ID. BeanVPN claims not to store any data, but the information that was supposedly included in the publicly available database would prove those claims false. BeanVPN has made no comment thus far.

Analyst Notes

Threat actors who may have accessed the database could use the information to carry out different styles of scam campaigns, especially since the information is so recent. Users may not find out that their information was included until after they have been targeted in an attack. To lessen the likelihood of becoming a victim, users should be vigilant when receiving emails from unknown senders. If the sender cannot be verified, never open attachments; it is better to avoid interacting with the message and anything included with it.