Be careful with the VPNs you choose to protect yourself, because not all of them are reliable! This is the case with the very popular SuperVPN, which has left the data of millions of users exposed on the Internet, at the mercy of cybercriminals.


Increasingly fashionable, VPNs are practical tools for “privatizing” an Internet connection, in particular by encrypting the data in transit (and therefore protecting sensitive information such as identifiers, passwords, phone numbers, bank accounts, etc.) and by changing the IP address, a useful function to circumvent the geographic limitations of streaming platforms, for example. But while they are easy to install and use, not all are created equal, far from it! And contrary to what they promise, some are completely untrustworthy.

This is the case with a large number of free VPNs, which are often inefficient and sometimes create vulnerabilities on the devices themselves. Worse still, some of those on the Play Store, under the cover of a legitimate application, contain malware designed to steal a large amount of personal data. This time it is SuperVPN, downloaded more than 100 million times, that is once again under fire from critics. Put simply, an unencrypted database of more than 360 million records belonging to its users is freely accessible on the Web, and can therefore fall into the hands of malicious people at any time, if it has not already done so!

SuperVPN: Sensitive data in plain sight

As reported by VPNOverview, Jeremiah Fowler, the co-founder of cybersecurity research collective Security Discovery, discovered an unprotected 133 GB database linked to SuperVPN on the Internet. It is an easily searchable database containing a lot of sensitive information: IP addresses, email addresses, geolocation data, history of websites visited, private cryptographic keys, user device models, operating systems, details of online activities, reimbursement requests… At the same time, when looking at their privacy policy, we realize that, for a service supposed to protect the data of its users, the company collects a lot of it… This information can be particularly useful for cybercriminals to mount malicious operations, such as identity theft or convincing phishing campaigns.

Please note that there are two versions of SuperVPN: the first, available on the Google Play Store, is called “SuperVPN Fast VPN Client” and is published by SuperSoftTech, while the second, on the Apple App Store, is called “Super VPN – Better VPN Master” and is published by Qingdao Leyou Hudong Network Technology. The two companies to which SuperVPN is attached have not yet communicated about this new leak, and it is already difficult to know whether they are the same entity.

SuperVPN: a popular free service with heavy liabilities

Still, this isn’t the first time SuperVPN has been singled out over security and privacy concerns. In 2020, this popular VPN was removed from the Play Store due to a flaw that allowed numerous hacks and was not fixed by the developers. Then, in March 2021, more than 21 million personal data records (10 GB) belonging to SuperVPN, GeckoVPN and ChatVPN users were put up for sale on a forum, before reappearing on the Telegram instant messaging service in May 2022.


It is therefore strongly advised to remove SuperVPN immediately if you have installed it on any device. Be careful, because free VPNs tend to resell certain personal data to third parties (this is even the basis of their business model) without necessarily being transparent about it: they hide their origin, their activities and their identity, for example the location of their head office, and have opaque privacy policies (see our article). So before using one, be sure to check for warning signs, such as vague wording about the data collected by the service provider or the absence of clear mentions of the owner and its head office. You can also check out our selection of free VPN services.
