Free VPN provider SuperVPN exposes 360 million user records

SuperVPN, a popular free VPN service provider, has suffered a massive data breach exposing more than 360 million user records.

VPNMentor researcher Jeremiah Fowler found a non-password-protected database belonging to SuperVPN.

In total, 133GB of sensitive data including user email addresses, original IP addresses, and geolocation information is said to have been exposed in the leak. Additionally, the exposed details included secret keys, Unique App User ID numbers, and UUID numbers.

The records also contained information on phone or device model, operating system, internet connection type, VPN app version, as well as refund requests from customers.

“The same Super VPN’s customer support emails were also linked to Storm VPN, Luna VPN, Radar VPN, Rocket VPN and Ghost VPN (not to be confused with CyberGhost VPN). In addition, references to these VPN provider names were found inside the database. At this point, it is not possible to determine if these VPNs are owned by the same company,” the report reads.

The researcher noted two apps named SuperVPN on Apple’s App Store and Google Play, listed under two separate developers with connections to China. Qingdao Leyou Hudong Network Technology Co. was the developer behind SuperVPN for iOS, iPad, and macOS, while SuperSoft Tech developed the second app with the same name. VPNMentor reached out to both companies but never received a reply. However, the database was secured after the breach was reported to the vendor via available email addresses associated with both apps.
