As reported by her researchers vpnMentor cybersecurity, discovered an unsafe server, which is used by many VPNs and was "completely open and accessible, exposing private user data that could be seen by anyone".
The lead researcher Noam Rotem reported that his team found entries within the exposed database, with personal information such as addresses e-mail, home addresses, clear text passwords, IP addresses and other information that could allow an individual to be identified.
"The lack of basic security measures in a critical part of a cyber security product is not just shocking. It also shows a complete infringement of standard VPN practices that put their users at risk, ”Rotem said.
In fact, some of these VPNs offer premium services, for a small fee. The researchers were able to access users' data in this case as well.
According to the research, the applications of the exposed server have a common owner and developer based in Hong Kong.
Representatives of UFO VPN and Fast VPN stated the following:
"Due to the personnel changes caused by COVID-19, we did not immediately find the bugs in the server firewall, which would lead to the potential risk of breach. "Now they have been corrected."
Mobipotato, the company that represents FastVPN, confirmed that the server was exposed from June 29 to July 13.
The other companies affected by the leak have not commented on the matter.
The technology specialist Trevor Long advises internet users not to use free VPN services. "VPNs are a great and recommended way to ensure your security, especially when you are on a public network Wi-Fi "Or you work remotely from your home or office, but you have to trust a larger VPN company," he said.