Digital security concept

The whole point of using VPN services is to keep your data safe and secure and maintain privacy while browsing the internet. But even if you are using a VPN, it is important to research your service providers even if they claim to not collect any data as many offerings are notoriously famous for leaking private data.

A report published by Comparitech, earlier this week, has revealed that ‘UFO VPN’, ‘Flash VPN’, and a plethora of others have leaked a total of over 1.2TB of private data. UFO VPN, a Hong Kong-based service, had an exposed database of 894GB data.

The service that claims to have a “zero log policy” on its website had an exposed database including plain text passwords, IP addresses of customer devices and servers, the OS being used, VPN sessions, and more. The app is available on Android as well and has more than 10 million installs.

However, this does not stop here. The research team at VpnMentor discovered that UFO VPN is just one member of a notorious group of apps using an identical codebase and infrastructure to collect data. Apps including Rabbit VPN, Flash VPN, Secure VPN, Super VPN, and numerous others were also found to be leaking data, increasing the total to 1.207 TB.

All of these VPNs share a common Elasticsearch server, have very similar websites, and even use the same recipient for payments. These apps have between 10 thousand to 1 million installs on the Google Play Store and so far only Rabbit VPN has been removed from the app store.