VPN With 'Strict No-Logs Policy' Exposed Millions of User Log Files

image

New submitter kimmmos shares a report from BetaNews:

An unprotected database belonging to the VPN service UFO VPN was exposed online for more than two weeks. Contained within the database were more than 20 million logs including user passwords stored in plain text. User of both UFO VPN free and paid services are affected by the data breach which was discovered by the security research team at Comparitech. Despite the Hong Kong-based VPN provider claiming to have a “strict no-logs policy” and that any data collected is anonymized, Comparitech says that “based on the contents of the database, users’ information does not appear to be anonymous at all.”

A total of 894GB of data was exposed, and the API access records and user logs included: Account passwords in plain text; VPN session secrets and tokens; IP addresses of both user devices and the VPN servers they connected to; Connection timestamps; Geo-tags; Device and OS characteristics; and URLs that appear to be domains from which advertisements are injected into free users’ web browsers. Comparitech notes that this runs counter to UFO VPN’s privacy policy.

3 Likes

Where can I find these logs by the way?

1 Like