Researchers have discovered that free virtual private network (VPN) service provider BeanVPN has compromised the personally-identifying data of millions of users, as analysts stumbled across a database containing more than 18GB of connection logs produced by the app.
According to the findings, the database reportedly contained more than 25 million records, which included information such as device IDs, play service IDs, IP addresses and connection stamps. These details were found during a general investigation by cyber security researchers at CyberNews using ‘Elasticsearch’.
Cybernews security researcher, Aras Nazarova, said: “The information found in this database can be used to anonymize the users of BeanVPN and find out their approximate location using the Geo-IP database. The Play Service ID can also be used to trace the user’s email address with which they have signed in to their device.”
A common way to protect Internet privacy is to use a VPN. The user can bypass various types of censorship and geographic restrictions by hiding the endpoint’s real IP address and location.
It is notable that since Russia invaded Ukraine, Moscow has restricted citizens from accessing Western media sources, leading to a sharp increase in VPN downloads there.
China has earned a reputation as one of the most restrictive countries in the world in terms of what its citizens can and cannot do online. This includes social media platforms such as Facebook and Twitter, search engines such as Google and YouTube, and even news organizations such as the BBC and The New York Times.
Similarly, buying bitcoin and other cryptocurrencies is prohibited by the so-called ‘Great Firewall of China’. This means that having a VPN for China is a must if people want full access to all those internet sites.
However, it needs to be understood that VPN services are not protected from security risks.
According to eSecurity Planet, such risks include VPN hijacking, in which an unauthorized user takes a VPN connection from a remote client; man-in-the-middle attacks, in which the attacker intercepts the data; weak user authentication; split tunneling, in which a user accesses an unsecured Internet connection while also using a VPN connection to a private network; Malware infection of the client machine; granting too many network access rights; and DNS leaks, in which the computer uses a DNS connection instead of the VPN’s secure DNS server.
Additionally, a survey states, “Hackers are continuously identifying CVEs or commonly exposed vulnerabilities and applying adjuvants/payloads to exploit the entire network. To mitigate risk factors from various contingencies, Administrative awareness of the infrastructure and proper timely auditing is highly recommended.”
read all breaking news , today’s fresh news watch top videos And live TV Here.