7 free VPN apps expose data from 20 million people


They are called VPN, which stands for Virtual Private Networks or virtual private networks. And they serve to keep your geographical location secret, allowing you to access websites that have been blocked or censored because they are not within your geographical scope.

By installing an app that allows us to create them, we can avoid websites and online trackers at the same time, which makes it very useful for example to access American sites that have discounts for Black Friday, for example.

7 free VPN apps hacked

A VPN also gives us tools that allow us to encrypt our Internet connection to protect the IP address, browsing history and other personal data when we are online, use applications or connect to WiFi. For this reason, it knows the private data of its users. Data that is not supposed to reveal. At least so far, as 7 free VPN apps have exposed private information of nearly 20 million users, such as emails, passwords, or IP addresses.

The vpnMentor research team, led by Noam Rotem, discovered the server and found Personally Identifiable Information (PII) data from potentially more than 20 million VPN users, according to claims of user numbers made by the VPNs.

Each of these VPNs claims that their services are “unregistered” VPNs, which means that they do not record any user activity in their respective applications. However, “we found multiple instances of activity logs on the Internet on their shared server. Our team found entries within the exposed database that contained a lot of personal data about users and technical information about the devices on which the VPNs were installed, “including:

See Also
How to use VPN on mobile? Five remote access questions and answers

Email addresses
IP addresses
Home addresses
Phone models
Device ID
Connection logs, traffic and visited sites
Source IP addresses
Internet Service Provider (ISP)
Actual location
Type of device
Device identification
App version
Phone models
User network connection
According to the experts, the VPNs exposed in this leak “share the same developer, based on the following findings”:

– VPNs share a common Elasticsearch server

– They are housed in the same assets

– They have a single recipient of payments, Dreamfii HK Limited

– At least three of the VPNs on the server share almost identical marks on their websites.

Using the PII data exposed through the ElasticSearch server, malicious hackers and cyber criminals could create highly effective phishing campaigns targeting users of exposed VPN applications. The affected VPNs are:



– Free VPN

– Super VPN

– Flash VPN

– Secure VPN

– Rabbit VPN


Please enter your comment!
Please enter your name here