A free VPN app on the Google Play Store exposed 25 million user records, including 18.5GB of connection logs that could let threat actors find out a user's email address, location, and more.
Cybernews discovered that free VPN service BeanVPN left over 25 million records open to the public, with Play Service IDs, IP addresses, connection timestamps and even user devices made publicly available. The information was spotted on an instance of Elasticsearch, a free and open search and analytics engine, but the report states the search instance is now closed.
The BeanVPN app has more than 50,000 downloads on the Google Play Store, and is developed by IMSOFT. It isn't available on the App Store, but Android phone users should be aware.
The BeanVPN website has no information about the app, and instead promotes a "TeleFly for Telegram" app for MTProto proxy servers for Telegram. Cybernews reached out to the BeanVPN developer, but there has been no response.
"The information found in this database could be used to de-anonymize BeanVPN's users and find their approximate location using geo-IP databases," Cybernews security researcher Aras Nazarovas stated. "The Play Service ID could also be used to find out the user's email address that they are signed in to their device with."
Free VPNs can be risky
A VPN provides anonymity when browsing on public Wi-Fi, bypasses region-restricted websites, and keeps your online activity encrypted. Having exposed user records, BeanVPN can't be treated as a trusted service. Many free VPN options use weak encryption, so attackers can easily access them, or worse, the VPN service can log your data and sell it off.
The best VPN services require a fee, but they are known for their tight security and fast speeds. For a better look at what you can use a VPN for, check out these five reasons why you need a VPN.
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.