Threat Watch

Stolen User Account Information From Three of Androids Largest VPNs For Sale

A user on a popular hacking forum is advertising that they will sell the details of user accounts from three different VPN services offered on Android. The data comes from SuperVPN, GeckoVPN, and ChatVPN. The stolen information includes emails, passwords, usernames, full names, country names, randomly generated password strings, payment-related data, and member status. The randomly generated password string is a strong indication that the VPN account could be linked with their Google Play Store accounts, where the apps were downloaded from. The author of the post stated the data was stolen from publicly available databases that were left vulnerable by the VPN providers due to developers leaving the default credentials in place.

ANALYST NOTES

According to researchers, if the data from the threat actor is legitimate, the VPN companies have been logging more data than what they say they are in their privacy policy. VPNs are typically used to keep the user’s identity private from third parties, which is why when choosing a VPN, users should ensure that the VPN does not log the activities and collect data about them. If someone did use one of the VPNs in question, they should change their password as well as their Google Play randomly generated password. If a client of one of these VPNs paid for a premium subscription, they should also note that payment method and watch it for any fraudulent activity. Anyone configuring a new device or database should ensure that they change the default credentials. Often threat actors will try to login to these accounts with default credentials to prey on the people that do not change them.

More can be read here: https://cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/?web_view=true