According to investigators at Cybernews, BeanVPN, found on the Google Play store, left around 18.5GB of collection logs exposed. Within those logs were numerous records that contained device IDs, Play Service IDs, connection timestamps, IP addresses, and more. Cybernews reported the database discovery after running an ElasticSearch instance and BeanVPN has since removed the data. Prior to the removal, the information may have fallen into the wrong hands, and if so, it could be used to reveal the identity of those using the VPN service, as well as their location and email address via the Play Service ID. BeanVPN claims to not store any data, but with the information that was supposedly included in the publicly available database, those claims would prove to be false. No comment has been made by Bean VPN thus far.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is