Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it. The exposed information includes plain text passwords and information that could be used to identify VPN users and track their online activity.
Bob Diachenko, who leads Comparitech’s security research team, uncovered the exposure, which affects both free and paid users of UFO VPN. He immediately alerted the company upon discovering the exposed data on July 1, 2020.Source: Comparitech
“Use a VPN!”, they said, “It’s secure and anonymous and there are no logs ever.”
What if I told you that all this VPN stuff is actually crap you should not trust? Oh wait, I did!