29 May 2023

Free VPN provider SuperVPN exposes 360 million user records


Free VPN provider SuperVPN exposes 360 million user records

SuperVPN, a popular free VPN service provider, has suffered a massive data breach exposing more than 360 million user records.

VPNMentor researcher Jeremiah Fowler has found a non-password protected database belonging to SuperVPN.

In total, 133GB of sensitive data including user email addresses, original IP addresses, and geolocation information is said to have been exposed in the leak. Additionally, the exposed details included secret keys, Unique App User ID numbers, and UUID numbers.

The records also contained information on phone or device model, operating system, internet connection type, VPN app version, as well as refund requests from customers.

“The same Super VPN’s customer support emails were also linked to Storm VPN, Luna VPN, Radar VPN, Rocket VPN and Ghost VPN (not to be confused with CyberGhost VPN). In addition, references to these VPN provider names were found inside the database. At this point, it is not possible to determine if these VPNs are owned by the same company,” the report reads.

The researcher noted two apps named SuperVPN on Apple’s AppStore and Google Play, listed under two separate developers with connection to China. Qingdao Leyou Hudong Network Technology Co. was the developer behind SuperVPN for iOS, iPad, and macOS, while SuperSoft Tech developed the second app with the same name. VPNMentor reached out to both companies but never received a reply. However, the database was secured after the breach was reported to the vendor via available email addresses associated with both apps.

Back to the list

Latest Posts

North Korea’s Lazarus adds new LightlessCan backdoor to its arsenal

North Korea’s Lazarus adds new LightlessCan backdoor to its arsenal

The hackers posed as a recruiter from Meta to gain access to the network of an aerospace firm.
2 October 2023
Critical Exim flaws put millions of servers at risk of hacker attacks

Critical Exim flaws put millions of servers at risk of hacker attacks

The vulnerabilities could allow attackers to breach the servers and gain access to sensitive data.
2 October 2023
Cyber Security Week in Review: September 29, 2023

Cyber Security Week in Review: September 29, 2023

The world in brief: the MOVEit protocol maker releases fixes for new critical bugs, Cisco warns of a zero-day in IOS and IOS XE software, and more.
29 September 2023