Joker Stash New Link
Uniccshop New Link Approved Cvv Shop Iprofit Cvv Shop

User data for a number of vpn applications is freely available over the internet

Ferum Shop   Trump-Dumps

Not open for further replies.


Staff member
Jul 6, 2020
An unprotected server with personal information and data on Internet activity of 20 million people was found on the Internet.

The vpnMentor research team has discovered an open access to an unprotected server of popular free VPN applications that stores user data. The lack of basic protection in a security product such as a VPN application is not only surprising, but also demonstrates the complete disregard of standard VPN practices by their developers , putting users at risk.

The server is used by UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN applications, according to the researchers. Judging by the number of their users, the server stores personally identifiable information of over 20 million people, including email addresses, unencrypted passwords, IP addresses, home addresses, data on smartphone models, device identifiers and other technical details. A total of 1,083,997,361 records were found on the server with a total volume of 1.207 TB.

Although the above applications are positioned as " no-log " (that is, they do not record user activity), the researchers found on the server many records of user activity on the Internet.

Since all data is stored on the same Elasticsearch server and hosted in the same assets, and the recipient of payments for applications is the same Hong Kong company Dreamfii HK Limited, the researchers suggested that they were created by the same developer, but are used under different brands.

The researchers tried to contact the app publishers, the developer, the Hong Kong-based CERT, and several journalists. They were not able to get an answer from all publishers. However, even if it was possible to contact, the dialogue was practically fruitless. Dreamfii representatives ignored attempts to contact them. CERT responded that "since the IP addresses are located in the US, and the information provided is not related to Hong Kong," researchers need to contact the US CERT or provide more data to link the leak to Hong Kong.
Not open for further replies.