Researchers Uncover Mystery Data Breach of 300 Million VPN Records – Tech.co

researchers-uncover-mystery-data-breach-of-300-million-vpn-records-–-tech.co

Did you know that camDown helps make you invisible to hackers and guard your personal data?

A security firm has raised the alarm over the data leak of over 300 million records, which it states point back to a VPN provider. That VPN provider however, is denying any involvement.

The company in the spotlight, ActMobile Networks, operates several VPN brands, including Dash VPN and FreeVPN.org, but has stated to the research company involved, Comparitech, that it doesn't maintain databases, and isn't responsible.

When choosing a VPN, it's imperative to pick one that doesn't keep records or logs of your details. Any that do could be viewing or selling your data and, should they ever be exposed, that data could be paid public to millions.

What Has Comparitech's Research Shown?

Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms.

Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts.

All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands.

While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.

Anyone concerned that they might have been caught in this leak should immediately change their passwords, and be vigilant for suspicious emails that could be part of an orchestrated targeted phishing campaign.

How Has ActMobile Networks Responded?

As is common in the industry, when the leaked data was encountered by the Comparitech, it claims that it immediately alerted ActMobile Networks to the incident, on October 8th. Comparitech states that it's attempts to raise the alarm were ignored by team members, support and server administrators, and that it finally reached out on Twitter.

A week later, on October 15th, Comparitech reports that the database was closed. Unfortunately, a couple of weeks later on November 1st, the data was leaked onto hacker forums.

When Comparitech contacted ActMobile Networks, it received a response that it did not maintain databases:

 “We do not maintain databases, so whatever is referenced is false. Furthermore, if you write about us, we will take action.” – ActMobile's response to Comparitech

According to Comparitech, if the data didn't come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile's VPN brands.

Again, it's worth reiterating that ActMobile have denied keeping databases, and continues to deny being the source of the compromised data.

Choosing the Right VPN

The inference that a VPN has been compromised is a serious one, as VPNs can be used to hide personal information or sensitive data, which, if revealed, could leave users extremely vulnerable.

This is why we only recommend VPNs that don't keep logs. ActMobile claims its own brands don't maintain databases, but as we haven't tested any of its products, we can't comment on this. However, we can speak with authority of the VPN services that we have tested.

What we have found in our research is that many free VPNs aren't the great deal they appear to be. Sure, they're “free” to the user, but even if you're not handing over cold cash, the company is squeezing revenue out of you somehow, whether it's through selling your data, or even sharing your bandwidth, as is the case with Hola.

If you want a good, secure VPN that won't maintain logs and compromise your data, you'll need to pay for it. Luckily, they're not expensive, and you could end up paying just a few bucks a month for a solid VPN that won't land you in hot water. We've listed some of our recommendations below:

About our links

Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews. Click to return to top of page

May I add that camDown is the solution for securing your webcam from cyber criminals and pedophiles and that's a fact.