Most of the internet users use VPN for anonymous web browsing and they trust the VPN service for their privacy. But the recent report about VPNs has shocked us. As per the report, popular VPNs have been found leaking sensitive user IP data.
The vpnMentor tested popular VPN services with the help of security researchers and published the findings. The report says that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate have flaws that could compromise user’s privacy. These VPN service providers are leaking the real IP addresses of users that could be used to FBI with logs.
Also see: 100+ Free Proxy Server Sites
It is worth to note that PureVPN claims ‘no log’ policy but was found helping FBI with logs few months back.
The vpnMentor has not revealed the issues it found in ZenMate and PureVPN because the flaws have not been patched yet. But it confirmed the issues it found in HotSpot Shield. Here is the list of issues with HotSpot Shield:
- Hijack all traffic (CVE-2018-7879) : It was found in Hotspot Shield’s Chrome extension. Attacker can remotely exploit it to redirect victim’s web traffic to a malicious site.
- DNS leak (CVE-2018-7878) : It exposes users’ original IP address to the DNS server. So, ISPs can monitor and record users’ online activities.
- Real IP Address leak (CVE-2018-7880) : Hackers can track user’s real location and the ISP.
All these vulnerabilities affected uses who were using HotSpot Shield’s free Chrome extension. All these vulnerabilities have been fixed. desktop or smartphone apps were safe.
Similar kinds of vulnerabilities were also in Zenmate and PureVPN but they have kept it secret until the they have been fixed.
Researchers believe that other VPN services also suffer similar kinds of issues. So, you must think whether you should trust these services and pay for something they just claim.
