Some of the most popular free VPNs for Android have leaked data of over 21 million of their users. The breach was recently reported by CyberNews, causing major security concerns.

The VPN providers, associated with the massive data leak, are some of the most used free Android VPNs. These include SuperVPN (over 10.000.000 users), GeckoVPN (over 10.000.000 users), and ChatVPN (over 50.000 users). The leaked database is currently being sold on shadow forums at an unknown price.

The cause of the leak was, most likely, insufficient provider security measures. Not only did the free providers collect and store user data, but their server setup also kept default login information, which made them extremely easy to breach.

What for leaked?

Even though there is still some debate whether the breach was real or not, the information showcased in the forum posts seemingly checks out. Based on it, we can determine that this leak was extremely sensitive and exposes a lot of user information that can be used to carry out further attacks.

The leak contains personal details of over 21 million accounts, including:

• Email addresses
• Usernames
• Full user names
• Country of user origin
• Randomly generated passwords
• Payment data
• Subscription status and expiration date
• Users’ device IDs and serial numbers
• Device IMSI numbers
• Phone types and manufacturers

While all the information that for leaked is extremely sensitive, the random password strings are one of the greater causes for concern. These password strings can be linked to Google Play accounts and they can be used to carry out financial fraud.

The extensive device information can also be used with malicious intent. Attackers can use it to carry out man-in-the-middle attacks to gain further access to use devices, personal information, and even financial accounts.

What can you do now?

This isn’t the first time free VPNs leak their users’ data. SuperVPN, in particular, suffered a nasty data leak back in 2020 due to the same poor security setup.

It seems, though, the providers did not learn anything from past mistakes and continue to put their users in peril.

As of now, none of the providers have released a statement regarding the data leak or proposed any fixes. So protecting their information and making sure the leak will not affect them is up to the users.

If you have been a user of any of these VPN services or involved in any other data breach, here are some of the most basic steps you can take to protect yourself:

1. First of all, check, whether your personal information has been leaked;
2. Change your password for Google Play and any other service, if you happen to use the same password. It’s best to use a password generator;
3. Switch from unreliable free VPNs that store your data and do not offer sufficient protection, so ones that can guarantee your online safety.

Online security is no joke. And VPNs are here to make sufficient cybersecurity available to anyone who needs it. Free VPN providers have proven time and time again, that they are incapable of providing reliable security, and most of the time they are making money off their users anyway.

Choose the right VPN today, so as not to be concerned with your privacy tomorrow.