When you use a VPN service, you’re trusting it with the same data that your internet service provider would typically collect.
That’s why it’s crucial to properly research any VPNs you use, even if they claim to not collect any logs. Case in point: seven VPN services using the same white-label provider were found leaking a lot of user data.
Comparitech published a report earlier this week saying ‘UFO VPN,’ a service based in Hong Kong, had an exposed database with 894GB of data.
The information included plain-text account passwords, VPN session secrets/tokens, IP addresses of client devices and servers, the operating system being used, and more.
The company’s website still claims the VPN has a “zero log policy.” UFO VPN is available on Android (among other platforms), and has over 10 million installations on the Play Store.
The fun didn’t stop there, though. The research team at vpnMentor later discovered that UFO VPN was one of several white-label VPNs sharing a common codebase and infrastructure. FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN were also found to be leaking data, bringing the total to 1.207 TB of private information.
Again, all these services have apps on the Play Store, each ranging from 10 thousand to 1 million installs. So far, only Rabbit VPN has been pulled from the store.
Originally published at Android Police