Menu
EN
Support
AdGuard Blog There's no such thing as a free lunch: 21 million user data leaked from 3 Android VPNs

There's no such thing as a free lunch: 21 million user data leaked from 3 Android VPNs

March 2, 2021 4 min read

We haven't covered the industry news for quite a long time but we can't help but comment on the recent situation.

As CyberNews reported a few days ago, databases with the credentials of 21 million users are sold on a popular hacker forum. The data was stolen from three VPN services for Android — SuperVPN, GeckoVPN and ChatVPN. You may have heard (or even installed) one of them – SuperVPN has 100+ million downloads on Google Play, GeckoVPN has 10 million downloads, and ChatVPN has 50K ones.

Partly, these services owe their popularity to the mere fact that you don't have to pay for all or most of their features. It's easy to jump at the bait – who is not attracted to free or freemium services? But, as you know, the only free cheese is in the mousetrap. Let’s figure out what happened and why such leaks are dangerous.

What is sold at the forum

The author of the forum post sells three archives, two of them allegedly include the following data:

  • Email addresses
  • Usernames
  • Full names
  • Country names
  • Randomly generated password strings
  • Payment-related data
  • Premium member status and its expiration date

Seven months ago 1.2 TB of data leaked from seven VPN providers who claimed not to log anything. Among the fantastic four the hateful eight the unlucky seven, there was also SuperVPN, so if you occasionally read cybersecurity news, this name may be familiar to you.

Judging by the samples from the second archive, it seems that the database contains detailed information about users' devices:

  • Device serial numbers
  • Phone types and manufacturers
  • Device IDs
  • Device IMSI numbers

Why you should not use (free) VPNs that log your data

Assuming the threat actor truly has all this data, it appears that the three above mentioned VPN providers log much more information about their users than stated in their Privacy Policies:

SuperVPN Privacy Policy

Theoretically, VPNs are developed primarily to encrypt Internet traffic and protect user privacy from ISPs, governments, or attackers. It looks like SuperVPN, GeckoVPN, and ChatVPN failed to fulfil their core mission, compromising millions of gullible users’ privacy.

How leaks can be dangerous

Hackers can abuse users' personal data stored on compromised VPN servers for phishing and MITM (man in the middle) attacks. In this case, the attacker is eavesdropping a communication channel (between the victim and the dedicated resource or between two victims) and attempts to replace the intercepted message, get something useful from it and redirect the user to some external resource. If the user's web session is intercepted, credit card details and other sensitive data may be at risk.

As demonstrated by this leak, you might have to pay a heavy price for using an unreliable VPN. Don’t cut corners on safety if you do not want to fall prey to such circumstances.

How to protect yourself

Firstly, use a reliable VPN. Paid or freemium one — this is a pricing strategy when most of the product features are available in the free version but you need a subscription to get access to premium features. This is not the only indicator of the service reliability but one of possible criteria.

Each VPN service pays money for its users’ traffic. The more of them, the greater the VPN servers maintenance. One wonders, therefore, if a VPN is free or isn’t worth a penny, what does it earn? As the famous phrase goes, "If you don't pay for the product, then you are the product."

Of course, we recommend AdGuard VPN. Try out our apps for Android and iOS and browser extensions for Chrome, Firefox, and Edge. To make the VPN connection as secure as possible and protect users from leaks of their personal information, we use our own VPN protocol, AES-256 encryption, Kill Switch, and other advanced technology.

Secondly, consider choosing a good password manager. This is way more reliable than using the same password for a dozen of your accounts on different platforms (yep, one should not do this). You can check if the password associated with your email address has been pawned here or there.

Thirdly, switch to two-factor authentication wherever possible. An additional level of protection factor definitely won't hurt. Please note that 2FA is available for the AdGuard personal account where your subscriptions are stored. You can enable it here.

Liked this post?
Upd: March 4, 2021 Originally posted on March 2, 2021 4 min read Industry news
Lena Ter-Mikaelyan Lena Ter-Mikaelyan

Recommended articles
9,934 9934 user reviews
Excellent!

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for iOS

The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard VPN

74 locations worldwide

Access to any content

Strong encryption

No-logging policy

Fastest connection

24/7 support

Try for free
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
Read more
9,934 9934 user reviews
Excellent!

AdGuard DNS

AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Pro for iOS

AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Temp Mail

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
Read more
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device