VPN Firm that Claims Zero Logs Policy Leaks 20 Million User Logs

by
martyb
from SoylentNews on (#55VXS)

upstart writes in with an IRC submission for RandomFactor:

VPN firm that claims zero logs policy leaks 20 million user logs:

The VPN company in the discussion is a Hong Kong-based UFO VPN owned by Dreamfii HK Limited.

[...] Discovered by researchers from Comparitech on July 1st, 2020; the exposure occurred due to the database hosted on an Elasticsearch cluster being left without any password.

[...] Worth 894 GB, the data allegedly included plaintext passwords, IP addresses, timestamps of user connections, session tokens, information of the device, and OS being used along with geographical information in the form of tags.

[...] This, as Comparitech has rightly pointed out, goes against the service provider's privacy policy and the promises of a zero log policy it has communicated to its users:

UFO VPN does not collect, monitor, or log any traffic or use of its Virtual Private Network service, under any circumstances, on any platform.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments