The leak also allegedly included connection logs, payment info, addresses, plain text passwords, and website activity.
"Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it".
The report also stated that the leak must have affected data of all paid and free users which takes the number to 20 million.
The leak not just highlights a major security issue with white-labeled VPN services, but also puts government critics at risk. UFO VPN said that the user logs are kept for traffic monitoring and that all of it is anonymised. Based off of what data was leaked, connection activities are clearly being captured and stored. After using it, experts found data about their activity on the detected server. Mobipotato, a company that represents Fast VPN said the server was at risk from June 29th to July 13th.
VPN services have become even more popular in recent months with the coronavirus pandemic forcing some people to work from home and prevented others from working at all.
Once UFO VPN was informed about the leak, it reportedly fixed the issue.
When the concerns of data storage and privacy breach are at an all-time high following the compromised Twitter accounts of famous personalities across the world, there is another breach of privacy and data localization that has not gone unnoticed.
They tried to contact the developers several times and then contacted HKCERT (Hong Kong Computer Threat Response Coordination Center).
Data leaks of such nature may hamper this.
The free services left as much as 1.2TB of data exposed on a shared yet unprotected server, leaving it open to be mined and used by anyone who knew where to look. However, the exposed server essentially gave anyone an easy way to monitor the activities on up to 20 million users. If someone uses any of these VPN services, they are recommended to switch to a better and more secure virtual private network services provider.