Free VPN software program supplier BeanVPN has reportedly left virtually 20GB of connection logs accessible to the general public, in response to an investigation by Cybernews.
The cache of 18.5GB connection logs allegedly contained greater than 25 million information, which included consumer gadget and Play Service IDs, connection timestamps, IP addresses and extra.
Cybernews mentioned it discovered the database utilizing an ElasticSearch occasion throughout a routine checkup, which the corporate has now reportedly closed.
Nonetheless, if picked up by malicious actors, the data may very well be exploited to de-anonymize and thus determine BeanVPN’s customers and their approximate location.
“The Play Service ID may be used to search out out the consumer’s e-mail handle that they’re signed in to their gadget with,” defined Aras Nazarovas, a safety researcher from Cybernews.
Based on the VPN supplier’s web site, nevertheless, its privateness coverage clearly states they don’t acquire logs of consumer exercise, “together with no logging of shopping historical past, visitors vacation spot, information content material or DNS queries.”
The privateness coverage additionally says BeanVPN doesn’t acquire IP addresses, outgoing VPN IP addresses, connection timestamps or session durations.
These claims would starkly distinction with the data allegedly obtained by Cybernews, which might basically include all consumer information BeanVPN says it doesn’t acquire.
The corporate has not instantly responded to Infosecurity Journal’s request for touch upon the matter, and we’ll replace this text with any related info as quickly because it turns into accessible to us.
VPNs are helpful instruments to extend one’s privateness and safety posture. Nevertheless, in response to Etay Maor, senior director of safety technique at Cato Networks, they could be witnessing a discount in adoption charges for a number of enterprises due to numerous post-pandemic developments.
