Latest in Gear

Image credit: ISAAC LAWRENCE/AFP via Getty Images

Seven Hong Kong VPN providers accused of exposing private user data

It could pose serious trouble for free speech advocates.
Jon Fingas, @jonfingas
July 19, 2020
416 Shares
Share
Tweet
Share

Sponsored Links

A riot police officer stands guard after a protest by district councillors at a mall in Yuen Long in Hong Kong on July 19, 2020, against a mob attack by suspected triad gang members inside the Yuen Long train station on July 21, 2019. (Photo by ISAAC LAWRENCE / AFP) (Photo by ISAAC LAWRENCE/AFP via Getty Images)
ISAAC LAWRENCE/AFP via Getty Images

Many activists and privacy advocates turn to virtual private networks to keep their internet activity away from prying eyes, but it appears that some VPN providers might have put their customers at risk. VPNMentor reports (via The Register) that sensitive user data from seven free Hong Kong VPN services, ostensibly with no-log policies, was exposed online. The leak reportedly included connection logs, addresses, payment info, plain text passwords and website activity.

All of the companies are ultimately white labels that rebranded a common provider’s service.

At least some of the information went offline, although it was visible in IoT search engine Shodan.io for 18 days.

One of the providers, UFO VPN, claimed that it couldn’t lock down its data quickly due to pandemic-related staff changes. It also maintained that the logs were only used for performance monitoring and were supposedly anonymized. CompariTech and VPNMentor say UFO’s claims are incorrect, though, pointing to sample data that mentions explicit names. As it stands, the zero-log claim is clearly untrue.

The incident underscores the problems with white label VPN services. It’s all too easy for some companies to rebrand services without being held to account for their claims. If you’re concerned about the privacy of your data, it may be better to stick to major brands.

It’s also particularly dangerous for Hong Kong. Critics of the government use VPNs precisely to avoid China’s surveillance and censorship. A data leak like this not only undermines the privacy of these VPNs, but risks making it easy for officials to crack down on dissidents. While it’s unclear how much of the info was made public, this could easily leave the VPN firms’ customers scrambling to switch providers and change login details.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
416 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Disney has no idea what it's doing with 'Mulan'

Disney has no idea what it's doing with 'Mulan'

View
Instagram 'bug' heavily favored Trump content over Biden for months

Instagram 'bug' heavily favored Trump content over Biden for months

View
The Morning After: Samsung revealed the Note 20 and Galaxy Z Fold 2

The Morning After: Samsung revealed the Note 20 and Galaxy Z Fold 2

View
Google adds emoji reactions to Messages on Android

Google adds emoji reactions to Messages on Android

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr