Researchers have discovered that the free virtual private network (VPN) service provider Bean VPN has compromised millions of users’ personally identifying data after the analysts stumbled across a database containing more than 18GB of connection logs produced by the app.
As per the findings, the database reportedly comprised more than 25 million records, including information like device IDs, Play Service IDs, IP addresses, and connection stamps. These details were found by the Cybersecurity researchers from Cybernews during a usual checking while using ‘ElasticSearch’.
Cybernews security researcher, Aras Nazarovas, said: “The information found in this database could be used to de-anonymize Bean VPN’s users and find their approximate location using geo-IP databases. The Play Service ID could also be used to find out the user’s email address that they are signed into their device with.”
One common method for protecting internet privacy is to utilise a VPN. The user can get around a variety of censorships and geographical restrictions by concealing the endpoint’s real IP address and location.
It is noteworthy that since Russia invaded Ukraine, Moscow has prohibited citizens from accessing Western media sources, which has caused a sharp increase in VPN downloads there.
China has earned a reputation as one of the world’s most restrictive countries in terms of what its citizens can and cannot access online. This includes social media platforms like Facebook and Twitter, search engines like Google and YouTube, and even news organisations like the BBC and The New York Times.
Buying Bitcoin and other cryptocurrencies is likewise prohibited by the so-called ‘Great Firewall of China.’ That means having a VPN for China is a must if people want total access to all of those internet sites.
However, it needs to be understood that VPN services are not safe from security risks.
According to Esecurity Planet, such risks include VPN hijacking, in which an unauthorised user takes over a VPN connection from a remote client; man-in-the-middle attacks, in which the attacker intercepts data; weak user authentication; split tunnelling, in which a user accesses an insecure Internet connection while also accessing a VPN connection to a private network; malware infection of a client machine; granting too many network access rights; and DNS leak, in which the computer uses the DNS connection instead of VPN’s secure DNS server.
Additionally, a survey said, “Hackers are continuously identifying CVE or commonly exposed vulnerabilities and apply Auxiliaries/payloads to exploit the entire network. Admin awareness and proper timely auditing of the entire infrastructure is highly recommended to mitigate risk factors from various contingencies.”
Read all the Latest News , Breaking News , watch Top Videos and Live TV here.
For all the latest Technology News Click Here
