UFO VPN was caught saving and leaking user logs despite complaining strictly no-log policy.
A few days ago Hackread.com covered an incident in which it was reported that UFO VPN was collecting user logs despite claiming to have a zero-logs policy and at the same time had exposed their database far and wide for attackers to see.
Although the database was secured later on 15th July due to efforts from security researchers, there’s another update. On July 21st, it was discovered that the UFO VPN database surfaced online again on the Internet with a different IP address containing larger and more recent user records.
Latest: 7 VPN firms with no-logs policy end up exposing 1.2 TB of user data
However, this time UFO VPN wasn’t so lucky in getting time to secure the leaked records as attackers took initiative and destroyed the entire database in an attack dubbed “Meow.”
Screenshot of the attack
Only a few records that were added recently can be seen still intact exposing the following data in the process which was also exposed earlier:
Plaintext passwords
IP addresses of the users and the VPN along with Geo-tags compromising user location
Tokens of the VPN sessions
Details pertaining to the user’s devices such as its OS.
Yet, this is not all. Excluding UFO VPN, various other databases hosted on MongoDB and Elasticsearch have also been compromised resulting in their deletion. For instance, this is the third time for MongoDB to ..
Support the originator by clicking the read the rest link below.
