Free VPN application BeanVPN has reportedly leaked millions of user connection records, including their personal IP addresses and other logged data.

Cybernews reports that a popular free VPN application BeanVPN has leaked 18,5 GB of user data. It contains over 25 million records with information such as device IDs, Play Service IDs, IPs, connection timestamps as well as extensive VPN diagnostic information.

It appears, that BeanVPN was violating its own privacy policy which states that the company aims “to collect only the minimal data required to operate a world-class VPN service at scale“.

The experts at Cybernews believe that the leaked data could be further used to de-anonymize users and use their spear-phishing attacks:

“The information found in this database could be used to de-anonymize BeanVPN’s users and find their approximate location using geo-IP databases. The Play Service ID could also be used to find out the user’s email address that they are signed in to their device with”

Bean VPN was downloaded over 50,000 times through Google Play Store. Ever since the leak, the app has disappeared from the Plays Store and is currently only available through third-party websites. The companies original website is promoting the company’s other products Telefly MTProto Proxy Servers for Telegram and Outline VPN.