![]() ![]() It would be hard to achieve, but it might be possible to link each password to a specific user. Also, while the stolen passwords appear to be randomly generated strings, these can be linked to users’ Google Store Accounts. The inclusion of billing information is also extremely worrying as criminals can use this in a number of ways to steal people’s money. Criminals can also use this data to commit fraud or identity theft. These scams may be extremely specific and therefore harder to detect, since the stolen data includes people’s real names and countries. Premium member status and its validity period.Ĭybercriminals can use the freely available information to target people with more sophisticated phishing attacks.Randomly generated password strings (possibly hashed and salted).Here’s the full list of stolen user data: They then posted everything on Telegram for anyone to download for free. ![]() Once the cybercriminals were in the system, they had unfettered access to view and copy sensitive user data. ![]() On top of their non-existent security, the VPNs collected and stored user data (despite promising user privacy) and didn’t even bother to encrypt it. Apparently, the server administrators didn’t bother to change their default database credentials… so these were easily guessable. When they originally advertised the stolen data on the dark web, the cybercriminals explained they managed to access the free VPNs’ servers easily. It’s possible the cybercriminals just released a small (relatively speaking) sample, as these three VPNs have collectively been downloaded over 100 million times. So far, it’s unclear whether this leak contains all the stolen data from the 2021 hack. The cache exposes deeply personal information of over 21 million free VPN users, including their real names, home countries, and billing details. The leaked files were made available for download on Telegram on May 7th, 2022. Now, someone (presumably from the same group) has leaked 10 GB of that stolen user data for free on Telegram. At the time, the unnamed cybercriminal group made the data available for sale on a popular hacker marketplace. It resulted in a major data theft that put everyone who used any of VPN services at risk. In 2021, cybercriminals hacked the systems of three free VPNs: SuperVPN, Gecko VPN, and Chat VPN. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |