UFO VPN, for one, blamed the coronavirus for preventing its staff from securing the database's networking. On July 14, Diachenko, we're told, warned UFO VPN's hosting provider that the database was unsecured, and the next day, it all disappeared from sight, some 18 days after the system appeared in search engine Shodan.io. VPNmentor created an account with one of the providers, and spotted that new account in the logs, specifically "an email address, location, IP address, device, and the servers we connected to." VPNmentor alerted the providers involved to get the cluster removed from public view, as well as HK-CERT, though it seems no action was taken to immediately rectify the situation. Using a free VPN? Why not skip the middleman and just send your data to President Xi? READ MORE Altogether, some 1.2TB of data was sitting out in the open, totaling 1,083,997,361 log entries, many featuring highly sensitive information, it is said. It appears seven Hong-Kong-based VPN providers – UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN – all share a common entity, which provides a white-labelled VPN service.Īnd they were all leaking data onto the internet from that unsecured Elasticsearch cluster, VPNmentor reported. Oh, it gets worseĪ few days later, on July 5, the data silo was separately discovered by Noam Rotem's team at VPNmentor, and it became clear the security blunder went well beyond UFO. Diachenko said he alerted the provider to the misconfiguration on July 1, the day he found the unprotected database, and heard nothing back. More than 20 million entries were added a day to the logs, according to Comparitech, and UFO happens to boast on its website it has 20 million users. UFO stated in bold in its privacy policy: "We do not track user activities outside of our site, nor do we track the website browsing or connection activities of users who are using our Services." Yet it appears it was at least logging connections to its service – and in a system anyone could access if they could find it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |