VPN providers who assured the policy of ‘No logging’ policy have caught leaking user’s data into the web and were accused of the misdemeanor. 1TB of user logs were found on the servers with zero security and privacy. After investigation, it was found that the logs found were from the VPN service providers who assured the zero-logging policy.
There are numerous trackers, service providers, cyber thieves even certain malware have been developed for stealing information from you to indulge certain crime in your name. This must be prohibited so the only way is to get a VPN to protect your information. But this accusation has made users to not believe in VPN service providers.
The logs listed composed of user’s privacy information including credentials, passwords of their debit or credit cards, usernames, emails, plain text passwords, IP addresses of both users and the servers which they are connecting to, history of their browsing. The other data including geographical locations, time stamps, device characteristics and payment information from Bitcoin and PayPal, etc.,
These records were first found in an unsecured Elasticsearch cluster named UFO VPN which was found by Comparitech’s Bob Diachenko. These records were about 894GB which belonged to UFO VPN tend to leak user’s files on the internet. This misbehavior attitude from one of the top companies who claimed to keep zero-logging features has resulted in skepticism.
UFO VPN literally declared that it has no activity of tracking and hadn’t track any information related to users outside its site or browsing actions. Owing to the statement, the user log was detected under the unprotected server which belonged to the company. Diachenko stated that there came no answer while raising questions regarding the exposure of log information. This became a complete affront to the service providers when there was no come back from their side.
Top Seven ‘no logging’ VPN service providers
After a few days of this affront, there was another issue reported by Noam Rotem, team lead at VPNmentor. The same kinds of stuff happened once again but a large detail was covered. The most popular and white-labeled VPN services including UFO VPN, Fast VPN, Super VPN, Secure VPN, Flash VPN, Rabbit VPN, and Free VPN who were based in Hong Kong assured no-logging policy, were found with a mistrust of recording information from the users. This turns out to be a complete worse and paving chance of mistrust from the users.
“The vast majority of companies that operate these services use patently false marketing, have very murky corporate provenance, and in some cases are literally run by convicted financial crime felons, so of course they will claim ‘strong privacy and security’ protections when in fact they offer neither”, stated Kenneth White.
Also added, “In this case, the effects are even more widespread because of a common industry practice called white labeling, in which smaller VPN providers rebrand a larger service and piggyback on their network, infrastructure, and software. In this case, there seem to be at least seven VPN providers whose customer data was leaked, completely contrary to their marketing claims of ‘no logging’.”
Over a billion of log data!
After several investigations, it was found that the leakage of information is from the same unprotected Elasticsearch cluster with a total volume of recordings about 1.2 TB which were open to the world. This was totally over a billion of log data. Many such contained vulnerable information of users as stated above.
To revert back the accusation, UFO VPN claimed that the logging is just to monitor the traffic performance and added that the logging data was completely anonymized for the user’s sake. But, according to Comparitech and VPNmentor, this statement was completely in opposition to the strategy of ‘no logging’ policy. VPNmentor stated that it could not believe the anonymity of the user’s data.
Late in 2019, NORD VPN was also held with the same issue. So this was not the first time that VPN providers are facing this issue. The fact behind this threat that whether it’s a VPN provider or ISP can log your private information. This dishonest behavior completely reflects the mistrust of users towards some genuine organizations.