Free VPN caught leaking user data

May 26, 2023

By Kim Komando

I’ve said it before and I’ll say it again: Some things aren’t worth trying for free. A Virtual Private Network (VPN) is at the top of that list. There’s just too much temptation for cybercriminals to hack into those that aren’t adequately secured or for shady developers to offer “free” software that tracks your every move.

Bad news for SuperVPN, which fell somewhere in between. Lax security practices left a huge database open for anyone to browse.

Oh, that is not good

The app has over 100 million downloads across the Apple App Store and Google Play Store, and a mind-boggling 360 million user records were leaked.

Included in the leaked info: Email addresses, original IP addresses, geolocation records, unique users’ identifiers, references to visited websites, operating systems, devices and online activities. Woof.

A cybersecurity researcher, Jeremiah Fowler, discovered the exposed info. He reached out to SuperVPN and said the database was closed down without any explanation. Come on, not even a thank you?

It gets worse

Fowler noticed something strange: SuperVPN was listed under two developers in the Apple and Android app stores. It seems both have connections to China, with “notes inside the database … in the Chinese language.”

Oh, and it was kicked out of the Google Play Store in 2020 for more suspicious behavior.

Bottom line: If you have this app on your phone, delete it. Now. You should look into every app you download, especially if that app collects this much personal info.

My VPN pick is one you can trust — our sponsor, ExpressVPN.