News

VPN service put plaintext passwords in unsecured Elasticsearch database

By admin
Spread the love

The database of a Hong Kong VPN service was found online. As a result, data from more than twenty million users could be viewed, including plaintext passwords and session tokens. The provider claimed to keep no logs.

The data was on an unsecured Elasticsearch server. It was discovered by security company Comparitech, which published about it after informing the company. Comparitech discovered the server via Shodan at the end of June. It is a database of the VPN service UFO from Hong Kong.

The database contained data from more than twenty million users. The entire file was 894 gigabytes in size. It is striking that in addition to the e-mail addresses, the passwords of users could be read in plaintext. In addition, session secrets and tokens were displayed, IP addresses of users and the VPN servers they connected to, connection timestamps, geotags and information about users’ devices and operating systems. It does not seem that logs have been kept of surfing behavior, although that information could be retrieved retroactively via the secrets and tokens.

UFO VPN says the information on the server is “anonymous”, and “used only to analyze users’ network status and any issues.” There is no indication that the information has been misused by others. UFO VPN has now protected the database with a password. The VPN service says on its website that it has 20 million customers – so every customer of the company may have been affected.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

GitHub enables passwordless login via passkeys in beta

News

Proton releases Windows app for encrypted cloud storage service Proton Drive