Millions of free VPN user records leaked

Bean VPN kept an unprotected database, almost 20GB in size

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Free Virtual Private Network (VPN) service provider Bean VPN, has leaked personally identifiable information on millions of its users, researchers have found.

Cybersecurity researchers fromCybernewsstumbled upon a database with more than 18GB of connection logs generated by the app.

The database, discovered by the researchers during a routine checkup using ElasticSearch, reportedly contained more than 25 million records, including details such as device IDs, Play Service IDs, IP addresses, connection stamps.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

De-anonymizing people

All of these items, the researchers said, could be used to establish the users’ true identities:

“The information found in this database could be used to de-anonymize Bean VPN’s users and find their approximate location using geo-IP databases. The Play Service ID could also be used to find out the user’s email address that they are signed in to their device with,” Cybernews security researcher, Aras Nazarovas, said.

Thefree VPNapp, which is not available onApple’s app repository, has more than 50,000 downloads on theGoogle Play Store- where it appears to have been pulled from.

China is finally loosening some rules on VPN services>Russia is spending big on VPN>VPN downloads in Russia have skyrocketed

However on its website, the company says it doesn’t keep user activity logs, “including no logging of browsing history, traffic destination, data content or DNS queries.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

It also says it doesn’t collect IP addresses, outgoing VPN IP addresses, timestamps or the durations of sessions which, asCybernews’report suggests, is not true.

Thebest VPNspreserve one’s privacy when going online. By hiding the endpoint’s true IP address and location, the user can circumvent various censorships and geographical blockades. Ever since Russia invaded Ukraine, its government blocked its citizens from accessing western media outlets, which triggered an enormous spike in VPN downloads in the country.

VPNs are also very popular in China, where people use it to bypass the Great Firewall of China.

Via:Cybernews

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

iStorage Group acquires Kanguru Solutions as it looks to expand security offering