It also shows a total disregard for standard VPN practices that put their users at risk.

However,we found multiple instances of internet activity logson their shared server.

However, this is contrary to what we found during our research.

Report: No-Log VPNs Reveal Users' Personal Data and Logs

But rare are these times.

The snippet of log data displayed below is a sample taken from the database.

It shows the package names for numerous VPN apps writing user data to the unsecured server.

Screenshot showing Super VPN’s website

Super VPN’s branding is very similar to other affected VPNs

The package names all share a similar template.

The same package name is also connected to the VPNs website URLhttp://free-vpn.io/.

The website for this app is https://www.fastvpn.im/.

Screenshot showing Super VPN’s website

Super VPN’s branding is very similar to other affected VPNs

This confirmed thatthe database was real and the data was live.

However,we faced considerable obstaclesin doing so.

We sent two replies to the company twice butreceived no further communication.

Screenshot showing Super VPN’s website

We made two more attempts at contacting individuals working at Dreamfii directly, including its Company Director.

The same day,we received the following response from the UFO VPN Team:

1.

And now it has been fixed.

Screenshot of Flash VPN’s website

Those using cryptocurrency are also recorded in logs that identify them by their email and other identifiers.

They confirmthe database was live and the contents were real.

A phishing campaign involves sending fake emails to a target, imitating a real business.

Screenshot of Free VPN’s website

VPN users rely on the privacy and anonymitya VPN provides for many reasons.

But the most important benefit is keeping both your online activity and identity hidden, and separate.

In doing so, they compromised the safety and security of their users.

A screenshot from securitytrails.com showing the different domains hosted on a single IP address managed by the company that owns the VPN apps

There are someexcellent free VPNsthat dont compromise on security and follow strict privacy protocols.

Every identified weakness is meticulously investigated for any instances of exposed data.

Our team was able to access this database because it was completely unsecured and unencrypted.

Screenshot of UFO VPN’s website homepage

Whenever we find a data breach, we use expert techniques to verify the owner of the database.

These ethics also mean we carry a responsibility to the public.

The purpose of this web mapping project is to helpmake the internet safer for all users.

Screenshot showing UFO VPN’s features

Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.

[Publication date: 10th July 2020]

just, comment on how to improve this article.

Capture showing UFO VPN’s claim that it has a zero logs policy

Screenshot of UFO VPN’s security and confidentiality statement

Screenshot of Fast VPN’s privacy policy

Snippet showing package names in URL

Graphic showing user name and passcodes visible in searches of breached VPNs

Screenshot of Fast VPNs new user log

Article image

Image showing password change information following data breach

Graphic showing data leaks of IP address and country

Graphic showing personal information being leaked following VPN data breach

Screenshot of connection logs from UFO VPN’s breached servers

Image showing breached data of adult content being accessed in Iran, where it is illegal

Graphic of UFO VPN’s data breaches

Graphic showing complaints to VPN provider

Complaints from customers using UFO VPN revealed in data breach

Graphic showing PayPal logs in VPN data breach

Screenshot of payment logs visible in VPN data breach

Screenshot of cryptocurrency payment details made visible after VPN data breach

Screenshot of Huawei labeled entries

Screenshot of Huawei data entries

Screenshot of data leaks showing names of users redacted

Screenshot of customer data information visible in VPN data leak

Graphic showing live tests to prove UFO VPN had been compromised

Screenshot of UFO VPN’s leaked data in Milan

Testing logs showing data leaks in UFO VPN’s servers

Image of data leaked by UFO VPN

Article image

Article image

Article image

Article image

Article image

Screenshot showing Super VPN’s website

Screenshot of Flash VPN’s website

Screenshot of Free VPN’s website

A screenshot from securitytrails.com showing the different domains hosted on a single IP address managed by the company that owns the VPN apps

Screenshot of UFO VPN’s website homepage

Screenshot showing UFO VPN’s features

Capture showing UFO VPN’s claim that it has a zero logs policy

Screenshot of UFO VPN’s security and confidentiality statement

Screenshot of Fast VPN’s privacy policy

Snippet showing package names in URL

Graphic showing user name and passcodes visible in searches of breached VPNs

Screenshot of Fast VPNs new user log

Article image

Image showing password change information following data breach

Graphic showing data leaks of IP address and country

Graphic showing personal information being leaked following VPN data breach

Screenshot of connection logs from UFO VPN’s breached servers

Image showing breached data of adult content being accessed in Iran, where it is illegal

Graphic of UFO VPN’s data breaches

Graphic showing complaints to VPN provider

Complaints from customers using UFO VPN revealed in data breach

Graphic showing PayPal logs in VPN data breach

Screenshot of payment logs visible in VPN data breach

Screenshot of cryptocurrency payment details made visible after VPN data breach

Screenshot of Huawei labeled entries

Screenshot of Huawei data entries

Screenshot of data leaks showing names of users redacted

Screenshot of customer data information visible in VPN data leak

Graphic showing live tests to prove UFO VPN had been compromised

Screenshot of UFO VPN’s leaked data in Milan

Testing logs showing data leaks in UFO VPN’s servers

Image of data leaked by UFO VPN