A user on a popular hacking forum is advertising that they will sell the details of user accounts from three different VPN services offered on Android. The data comes from SuperVPN, GeckoVPN, and ChatVPN. The stolen information includes emails, passwords, usernames, full names, country names, randomly generated password strings, payment-related data, and member status. The randomly generated password string is a strong indication that the VPN account could be linked with their Google Play Store accounts, where the apps were downloaded from. The author of the post stated the data was stolen from publicly available databases that were left vulnerable by the VPN providers due to developers leaving the default credentials in place.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased