July 2, 2022



Free VPN reportedly exposed 25 million user records — here’s the culprit


A free VPN app on the Google Play Store exposed 25 million user records, including 18.5GB of connection logs that could let threat actors find out a user’s email address, location, and more.

Cybernews discovered that free VPN service BeanVPN left over 25 million records open to the public, with Play Service IDs, IP addresses, connection timestamps and even user devices made publicly available. The information was spotted in an instance of Elasticsearch, a free and open search and analytics engine, but the report states the instance is now closed.

The BeanVPN app has more than 50,000 downloads on the Google Play Store, and is developed by IMSOFT. It isn’t available on the App Store, but Android phone users should be aware.

What’s worse, the company’s privacy policy states: “we do not collect logs of your activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, i.e., no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.”

The BeanVPN website has no information about the app, and instead promotes a “TeleFly for Telegram” app for MTProto proxy servers for Telegram. Cybernews reached out to the BeanVPN developer, but there has been no response. 


“The information found in this database could be used to de-anonymize BeanVPN’s users and find their approximate location using geo-IP databases,” Cybernews security researcher Aras Nazarovas stated. “The Play Service ID could also be used to find out the user’s email address that they are signed in to their device with.” 


Free VPNs can be risky
