Just as they say, free things are never free! Equally, some VPNs may be free, but you could pay a price by trusting them with your data. New research conducted in the past month uncovered findings for free VPN users, with several of the prominent apps found to be keeping logs of user data.
Despite marketing themselves as not collecting users’ data, the companies were discovered to be harvesting data, plus storing it in an unsecured backend server. Up to 20 million users may have unknowingly had their data stored this way.
The research, carried out by vpnMentor, was part of an ethical hacking project to test VPN systems for weaknesses. This found sensitive user data left on unencrypted servers, thus making them easily accessible.
The information available, in plain text, included usernames, passwords, email addresses, home addresses, device information, and Bitcoin accounts. Accordingly, this data included the personal details of up to 20 million users. The files came to a whopping 1.2TB of data, and included 1,083,997,361 files.
READ ABOUT: How to make your VPN more secure
List of insecure VPNs you might be using
The VPN apps found to be using these unencrypted servers are all Hong Kong-based, Chinese software packages. vpnMentor believes these could be white label software that can be repackaged by a third party and sold under a different name.
The apps found to be using the unencrypted servers are:
- UFO VPN
- Fast VPN
- Super VPN
- Free VPN
- Flash VPN
- Secure VPN,
- and Rabbit VPN
If you are currently using any one of these apps, we recommend uninstalling it immediately, and changing any passwords that you may have used with the software. All these VPNs are still available on the Google Play Store, and between them have millions of users.