Reading:
10GB Database of Popular VPN Apps Leaked

10GB Database of Popular VPN Apps Leaked

May 12, 2022

Threat actors shared a 10GB database allegedly belonging to popular VPN apps such as SuperVPN, GeckoVPN, and ChatVPN companies in a Telegram group. The database, which includes the personal information of approximately 21 million users, can be downloaded free of charge. SOCRadar analysts had detected that the data was previously available for sale on dark web forums on 26.02.2021.

SOCRadarsearchestheentire internet for personally identifiable information (PII), such as the most recent hacked account credentials and credit card details. Click to learn more!

Database Contains 21M User’s Information

Threat actors shared the leak on their Telegram channels, including VPN users' data.
Threat actors shared the leak on their Telegram channels, including VPN users’ data.

The data allegedly belonging to users of popular VPN applications such as SuperVPN, GeckoVPN and ChatVPN contain the following information:

  • Full names
  • Usernames
  • Country names
  • Billing information
  • Email addresses
  • Randomly generated password strings
  • Membership status and validity period

Threat actors also shared previews of the leak. According to vpnMentor researchers’ findings, these are only a tiny fraction of all data.

Attackers Can Use Leaked Data in Phishing Scams

Cybersecurity experts predict that VPN users’ data exposure can have different dimensions. VPN applications, which are mainly used for privacy purposes, can allow attackers to access sensitive data. Attacks such as phishing, blackmail, or identity theft can be carried out against people whose data has been leaked.

Exposure of users’ sensitive data, such as billing information and their countries, also increases the risk of fraud.

To minimize the risk, it is recommended that all users change their VPN account passwords to combinations of upper and lower case letters, numbers, and symbols.

Meet SOCRadar ThreatHose: Cybersecurity’s Search Engine

SOCRadar provides a safe and simple way to access the deep web and obtain critical threat intelligence. Without requiring a subscription or supplying personal data in a safe environment, search deep web hacker forums, digital assets (IP addresses, domains, etc.), hashes, or any keyword referenced in deep web sites. ThreatHose from SOCRadar is a portal to the deep web.

Get the latest cybersecurity news, IoC/feed data, and deep web information via data feeds.

With our BigThreat-Share Data Search, you can search for:

  • Your assets (domain, IP address)
  • An IP address or a domain associated with a particular threat actor
  • Hacker information from IRC, Telegram, Discord, and ICQ channels
  • and more…
Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Get free access.