Don't know where to start?

Find My VPN

Three of the most popular Android VPN apps hacked

Written by David Spencer

February 27, 2021

Hacker with a laptop and padlock

If you have downloaded a VPN from the Google Play Store onto your Android device, unfortunately, it’s ‘squeaky-bum’ time as a famous Scottish football manager once said.

Because a user on a popular hackers forum on the dark web has put three databases up for sale that he claims contains a wealth of user information stolen from three of the most popular Android VPNs on the market.

The three affected VPNs are allegedly SuperVPN, GeckoVPN, and ChatVPN. Between them, there are more than 21 million records available to buy for an undisclosed sum.

SuperVPN is one of the most popular Android-specific VPNs and claims to have been downloaded more than 100,000,000 times from the Google Play store.

Gecko VPN also claims more than 10,000,000 installs while ChatVPN, the other affected provider, has had a more modest 50,000+ installations.

If the name SuperVPN rings a bell, it might be because last April, it was pulled from the Google Play store for a time after critical vulnerabilities were discovered. Our advice then was to delete it immediately.

If you haven’t already done so, this remains the best course of action, although unfortunately, that probably won’t help you out if you are a victim of this hack.

What data has been compromised?

The data that is on offer on the forum is a wide range of potentially very sensitive data.

The information that is available on two of the archives includes usernames, email addresses, full names, and randomly generated password streams.

The password streams will be of particular concern to affected users because there has been some speculation that they might also be linked to the users’ Google Play store accounts as well.

Other data that is included in the archives include whether someone is a premium member of any of the three affected VPNs and if so, when this membership ends. Perhaps most worryingly of all, payment data also seems to be included.

The other archive is perhaps even more concerning.

It appears to contain device-specific information such as device serial numbers, smartphone models and manufacturer details, device IDs, and device IMSI numbers.

Such information could potentially put these devices at risk if it is genuine and is in the public domain.

How did this data leak?

According to the hacker who has posted these three archives on the forum, the data was all lifted from publicly available databases that the three VPNs in question had left vulnerable by leaving default database credentials in place.

If this is the case, it is an absolute schoolboy error by all three and raises some major questions about the calibre of the security and privacy protection they can offer.

As we have already noted, in the case of SuperVPN, this is far from the first time.

Little wonder therefore that none of the three VPNs have responded to questions about the leak which were posed to them by CyberNews, who first reported the news.

What about their privacy policies?

As well as a glaring security faux-pas, this leak will (if genuine) call into question the privacy promises of each of these three VPNs.

All have a privacy policy which make various claims about the data that they collect. Some are better than others, but none admit to harvesting much of the data that has now been put up for sale.

If these archives are genuine, it will be proof positive that each of these VPNs have misled users with their privacy policies and this will inevitably lead to questions about which of their other claims are genuine.

Another possibility that has been floated is that the hacker responsible for gathering this information hasn’t just got into an insecure database but rather has managed to hack their way into the VPNs actual server networks.

If servers have been compromised in this way, it would be easy for a hacker to gather this type of information as well as use them to launch man-in-the-middle attacks.

Users of SuperVPN, GeckoVPN, and ChatVPN should be deeply concerned and we would advise you to contact your provider at the earliest possible opportunity to find out if this hack is genuine and whether or not your data is affected.

Regardless of their answers, it would be highly advisable to seek out an alternative VPN and stop using all three of these VPNs while such serious questions about their privacy and security provisions remain.

Any one of our recommended VPNs will be able to offer you the privacy and security protection you crave without any of this hassle and concerns. This case really shows the risks of not researching and selecting the right VPN before signing up.

Download numbers mean nothing if the VPN behind them is not able to offer you the basic security, privacy and service provisions you need.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular Articles

Recent Posts