Data of 45,000 anonymous users of VPN-services were put on the darknet
Logins and passwords, as well as IP addresses and device identifiers of 45.5 million users of mobile VPN services have been made publicly available.
The data of 45.5 million users of FreeVPN.org and DashVPN.io services, which provide privacy services for their data through personal VPNs that are necessary to create anonymity online, appeared on shady forums. The data was left on an unsecured server of the MongoDB database management system. Both services are owned by ActMobile Networks, an international company headquartered in the United States. As stated on the company’s website, their VPN services were used by more than 75 million people around the world.
The database contains users’ email addresses, encrypted passwords, dates of registration, profile updates and last login.
VPN applications allow customers to spoof their real IP address to visit web resources blocked in their country and partially hide data about their own devices.
But the publicly available information from VPN-services can be used not only by common crooks. For example, it can help intelligence agencies to investigate cyber incidents, in which those who use these services in illegal activities on the Internet were caught.