Seven Hong Kong VPN providers accused of exposing private user data
At least some of the information went offline, although it was visible in the IoT search engine Shodan.io for 18 days.
One of the providers, UFO VPN, claimed that it couldn’t lock down its data quickly due to pandemic-related staff changes. It also maintained that the logs were only used for performance monitoring and were supposedly anonymized. Comparitech and vpnMentor say UFO’s claims are incorrect, though, pointing to sample data that mentions explicit names. As it stands, the zero-log claim is clearly untrue.
The incident underscores the problems with white-label VPN services. It’s all too easy for some companies to rebrand services without being held to account for their claims. If you’re concerned about the privacy of your data, it may be better to stick to major brands.
It’s also particularly dangerous for Hong Kong. Critics of the government use VPNs precisely to avoid China’s surveillance and censorship. A data leak like this not only undermines the privacy of these VPNs, but risks making it easy for officials to crack down on dissidents. While it’s unclear how much of the info was made public, this could easily leave the VPN firms’ customers scrambling to switch providers and change login details.