A string of "zero logging" VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.
This data, we are told, included clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.
It all came to light after Comparitech's Bob Diachenko spotted 894GB of records in an unsecured Elasticsearch cluster that belonged to UFO VPN.
The silo contained streams of log entries as users connected to UFO's service: this information included what appeared to be account passwords in plain text, VPN session secrets and tokens, IP addresses of users' devices and the VPN servers they connected to, connection timestamps, location information, device characteristics and OS versions, and web domains ..
Support the originator by clicking the read the rest link below.
