A database containing the personal information and login passwords of 21 million individuals was exposed on a Telegram channel on May 7th, 2022, as per Hackread.com. The data of VPN customers was also exposed in the breach, including prominent VPNs like SuperVPN, GeckoVPN, and ChatVPN.
The database was previously accessible for sale on the Dark Web last year, but it is now available for free on Telegram.
The hacked documents contained 10GB of data and exposed 21 million unique records, according to VPNMentor analysts. The following details were included:
- Full names
- Usernames
- Country names
- Billing details
- Email addresses
- Randomly generated password strings
- Premium status and validity period
Further investigation revealed that the leaked passwords were all impossible to crack because they were all random, hashed, or salted without collision.
Gmail accounts made up the majority of the email addresses (99.5 percent).
However, vpnMentor researchers believe that the released data is merely a portion of the whole dump.
For the time being, it's unknown whether the information was gained from a data breach or a malfunctioning server. In any case, the harm has been done, and users are now vulnerable to scams and prying eyes.
The main reason people use VPNs is to maintain their anonymity and privacy. Because VPN customers' data is regarded more valuable, disclosing it has far-reaching effects.
People whose information was exposed in this incident may be subjected to blackmail, phishing scams, or identity theft.
Because of the exposure of personally identifiable information such as country names, billing information, usernames, and so on, they may launch targeted frauds. Threat actors can easily hijack their accounts and exploit their premium status after cracking their credentials.
If the data falls into the hands of a despotic government that prohibits VPN use, VPN users may be arrested and detained. Users should change their VPN account password and use a mix of upper-lower case letters, symbols, numbers, and other characters for maximum account security.