Published: May 17, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
The old adage “nothing is free” rings true for 21 million users of free VPNs who found they paid a heavy price for their free app. The personally identifiable information (PII) collected from three VPNs was exposed by a cybercriminal who allegedly stole the data from all three. The PII included payment-related data, email addresses, usernames, full names, random password strings, and device IDs, among other things. The stolen data was found advertised for sale on hacker forums by the person claiming to be the perpetrator of the crimes.
The VPNs involved in the data heists are found on Google Play store for Android devices. The apps are ChatVPN, SuperVPN, and GeckoVPN, and all are free to use. It’s all part of a disturbing trend toward increasing attacks that expose a VPNs flawed approach to maintaining their data security policies. To date, the only price being paid for the broken promises is the data exposure of victims who trusted the apps. A cybersecurity researcher posted on Twitter about the data leaks, calling the situation “a mess, and a timely reminder why trust in a VPN provider is so crucial.”
Abandoning VPNs isn’t the answer but holding the app creators responsible for the PII they collect should play a big part. Victims had no idea the level of PII these apps were collecting as it was more than they were told. The same researcher continued his Tweet, “This level of logging isn’t what anyone expects when using a service designed to “improve” privacy, not to mention the fact they then leaked all the data.”
What can be done about the situation once again falls to the user to make sure they are using legitimate and trusted VPNs for their data security. VPN consumers have a crucial option: doing the necessary homework to ensure their provider is legitimate and trustworthy before diving in. Even then, there’s no guarantee a VPN will remain untouched by bad actors, but it’s an important start.
Doing Due Diligence on VPNs
Be wary of free VPNs. There’s usually a trade-off for free services, including much of customer data being sold to advertisers and marketers. It can also include an avalanche of annoying pop-up ads that can be a ruse for installing malware on a device.
Read third party VPN reviews. There you’ll find the good and the bad reviews about a VPN service. Pay particular attention to the problematic reviews, as they can expose key issues you should avoid.
Reliable VPN customer support. Having no place to go when there’s an issue with a VPN is an exercise in frustration, so make sure the provider has easy and accessible customer support.
Not all VPNs are the same. Shop around for yours as the services they provide vary along with their price tags.
Use a vendor you trust. If you’ve previously used a particular vendor’s products with reliable results, consider using the same one if they offer a VPN. Always check the data privacy of any VPN before signing up, as trust should always play a major part in deciding which app to use.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org