On May 7th, 2022, a database containing the personal details and login credentials of 21 million users was leaked in a Telegram group, Hackread.com has learned. What’s noteworthy is that the dump also exposed the data of VPN users including popular VPNs like SuperVPN, GeckoVPN, and ChatVPN.
The database was previously put up for sale on the Dark Web last year, but currently, it is available on Telegram for free.
Database Exposed 10GB of Data
According to researchers at VPNMentor, the leaked records comprised 10GB of data and exposed 21 million unique records. The information included the following:
- Full names
- Usernames
- Country names
- Billing details
- Email addresses
- Randomly generated password strings
- Premium status and validity period
Further probe indicated that the leaked passwords were random, hashed, or salted without collision, therefore each was different and much more difficult to crack. A majority of the email IDs, about 99.5%, were Gmail accounts. But, researchers at vpnMentor believe that the dumped data is only a subset of the full dump.
For now, it is unclear whether the data was stolen as a result of a data breach or it was obtained from some misconfigured server. Either way, the damage is done and users are now at risk of scams and prying eyes.