People depend on VPNs to provide a safe and private browsing experience without intrusive tracking. So when word gets out that a popular VPN service experienced a data leak, the privacy-minded among us get a sinking feeling in our collective guts.
The reason? VPNs are designed to port your traffic through alternative networking routes that avoid tracking by ISPs and other entities. This means when a VPN leaks, your web history and personal data are all at serious risk. Tap or click here to see how dangerous a previous VPN leak was.
But the only thing worse than one VPN service leaking is several. And that’s exactly what happened to seven different Android VPN services available on the Google Play Store. Google has since removed one of the offenders, but the other six are still at large. Here are the apps you need to delete from your phone.
Seven VPNs leak private data, Google only removes one
According to researchers at VPNMentor, multiple “no-log” VPNs were discovered to be hosting user data on an unprotected private server. What’s more, this data included a wide range of personal information obtained from users — which flies directly in the face of these apps’ stated purpose as “no-log” VPNs.
Leaks from unsecured servers are one of the most common ways that large reams of personal data make their way to the corners of the web. It’s appalling that multiple programs would not only host their data in an unsecured way but also outright lie about what they were collecting in the first place.
On the server, researchers found logs of personally identifiable information for over 20 million VPN users. This data included multiple instances of internet activity logs (like browsing history), as well as full email addresses, clear text passwords IP addresses and even home addresses.
Curiously, most of the leaking apps seemed to share several under-the-hood aspects in common. Not only did many feature the same underlying code and server infrastructure, but several also featured the same payment processing system.
While there is no evidence that this data has been exploited in the wild just yet, VPNMentor didn’t want to take any chances and reported its findings to Google. Since then, Google has only removed one of the offending programs out of seven.
I use a VPN app on my Android phone! What should I do?
Thankfully, VPNMentor released a complete list of all the apps discovered to be involved in the leak. Out of the seven, only RabbitVPN was officially removed from Google Play. But if you have any of the following apps on your device, you need to delete them immediately to protect your data.
- UFO VPN
- FAST VPN
- Free VPN
- Super VPN
- Flash VPN
- Secure VPN
To uninstall them, simply open the Settings app and look for a menu option labeled Apps. Scroll through your list of installed apps until you find any of the apps listed above. Then, tap them to uninstall.
As for your data, you’ll also need to check and make sure your accounts aren’t floating around on some shady Dark Web marketplace. HaveIBeenPwned is a great resource for this, as it scans known marketplaces and keeps tabs on some of the biggest data leaks in web history. Tap or click here to find out more about HaveIBeenPwned.
Lastly, you’ll need to make sure nobody is using your personal information for fraud. Contacting your banks in advance is a good precaution, and freezing your credit to prevent identity theft is another solid way to protect yourself. Tap or click here to see the benefits of a credit freeze.
But beyond taking proactive measures, you’re probably also wanting a replacement VPN that will actually do what it says and protect your data. Well, if you’re looking for a safe and secure VPN that emphasizes speed and privacy, look no further than our sponsor ExpressVPN.
Get an extra 3 months free of ExpressVPN when you sign up at ExpressVPN.com/Kim