7 Hong Kong based VPNs have been keeping unsecured user data in plain text

Data leak

If you’ve read the site recently, you’ll know we’ve been keen to promote ways to ensure that your most private activity is private – and we’re about to show you why that research is important.

VPNs are a requirement for anyone privacy-minded online in 2020, but picking the wrong one can be costly. This week, seven VPNs based in Hong Kong were found to be logging customer data, rather defeating the point of the service.

Worse still, the data has been discovered in one of those ‘leaky buckets’ we’ve been telling you about. In other words, the data was accessible to anyone with a bit of knowledge – no hacking required.

The affected apps are, predictably, all part of the same developer’s arsenal – Dreamfii HK Limited – and go by the following names:

Did you miss these?
  • Free VPN
  • Super VPN
  • Flash VPN
  • Secure VPN
  • Rabbit VPN

The unsecure content is seriously troubling – it includes names, email addresses, passwords in plain text, IP addresses, home addresses, logs of your internet activity along with device IDs of hardware.

Two White Hat Hackers discovered the server at roughly the same time. Both, Ran Locar and Bob Diachenko, have asked Dreamfii why the VPNs are collecting so much data, and why it isn’t secured. The server is now secure, but neither hacker received a reply.

If you’re reading this in a relatively liberal country, you may think this isn’t a massive deal, but look at it this way. Imagine you’re LGBTQ+ and living in a country where that is illegal.

Your VPN is your lifeline, and you are paying for absolute privacy and security – and you should be able to trust that’s what you’re getting, as you have no way of checking.

If the leaky data got into your governments’ hands, either through investigation or blackmail, you could find your life utterly ruined – at best.

VPN security is massively important. We’ve already given you a list of our favorites, but if you want to cast a wider net, remember two things:

  • Firstly – Free VPNs are, for the most part, too good to be true. There are exceptions, but for the most part, if you’re being offered a service like this for free, listen for the alarm bells.
  • Second – and this is massively important – get an independent verification that your choice of VPN is doing what it says it is. All the Dreamfii apps claim to be “No Logs”. We now know that isn’t true.

UPDATE: After we published this story, we discovered via Betanews that UFO VPN had left another, newer leaky bucket on the internet. It’s not entirely clear why lightning struck twice, though security researchers have suggested that they moved to a new Elasticsearch account and made exactly the same mistake.

Fortunately, this second database is no longer a problem – a coordinated attack by security researchers using the ‘Meow’ malware strain has completely destroyed the data in that second bucket. Storage attacked by this particular nasty is completely destroyed except for a string of digits and the word ‘Meow’. Who says all computer malware is bad? Though this probably was too, from Dreamfii’s perspective.

Read Next: Privacy 101: How to keep your browsing and other online activity as private as possible

Ready for more?

Affiliate Disclosure
Some articles contain affiliate links that allow us to earn money if you decide to purchase any of these products or services. This does not cost you any extra, and it allows us to continue to run this independent website without ads. Affiliate links have no relation to review ratings or other editorial coverage. You can read the full policy here.

Chris M
Chris M

Chris has worked in technology journalism for over a decade, and brings his nerdy expertise to looking at what goes on under the hood of sex tech.With over a decade of expertise in his field, Chris brings a nerdy perspective to his exploration of the fascinating world behind the scenes. His articles have graced the pages of renowned publications such as Engadget, TechRadar, AskMen, and The Register.

Be the first to leave a comment
      Leave a reply

      Comparisons and Guides
      Best VR Porn Sites
      Best Gay & Trans VR Porn Sites
      Best AI Porn Generators
      Best AI Girlfriend Apps
      Best XXX Cam Sites
      Best Chromecast Porn Sites
      Best Porn Apps
      Best iPhone Porn Sites
      Sound-responsive Vibrators
      OnlyFans Alternatives
      Best Toys for People with Disabilities
      Best Mini Vibrators