21 million VPN service user records were leaked through Telegram, exposing personal data such as email addresses and hashed passwords of users of various VPNs.
The data, which adds up to 10 GB of information, corresponds to a leak that was previously put up for sale on the black market, but has now been made freely available on the Internet.
Personal data of 21 million users of VPN services exposed
The specialized portal vpnMentor notified this leak, noting that the data was captured on February 25, 2021, according to what the same leaked information indicates.
Among the data that can be found within this database, there are email addresses, usernames, full names, countries, passwords, billing details and the status of the subscriptions of the affected users.
Those who were compromised by this event are users of various VPN services, including GeckoVPN, SuperVPN, and ChatVPN. This database was initially offered for sale on the dark web in 2021, shortly after being compiled. It is now available for free on Telegram.
Although a significant batch of passwords are shared, they appear randomly in the leaked database, unrelated to other data contained therein.
The report of this leak indicates that 99.5% of email addresses are Gmail accounts, which is much higher than the average percentage that occurs in these cases. This can also be considered an indication that whoever leaked the dump shared a leaked subset of the data and not a full dump.
For such a leak to occur, unfortunately it’s not new. However, in this particular case, the security implications are greater, given the free dissemination of compromised information and the potential scope that this represents.
Given the suspicion of being affected by this situation, it is advisable to take safeguards in this regard, establishing strong passwords.
It is important to point out that, for ethical reasons, the original report does not provide access to this information, the transmission of which constitutes an illegal practice.
It is even paradoxical that a service that is usually required as a security and anonymity resource ends up compromising precisely these guarantees.