Sensitive user IP data is being leaked by three popular VPNs, security researchers find
Users of three popular virtual private networks (VPNs) are being warned about a new data breach.
This is the warning from the VPN advice website vpnMentor, who hired three white hat hackers to conduct a series of privacy tests on the VPNs.
VPNs are commonly used by users to browse the web anonymously, and are often subjected to crackdowns in certain countries around the world with repressive regimes.
The website’s researchers found that Hotspot Shield, PureVPN, and Zenmate VPN all suffer from IP leaks of data that could be sensitive.
The researchers found these VPNs could potentially allow governments or hostile actors to identify the actual IP address of a user, even with the use of the VPNs.
Of of the three VPNs, the Zenmate’s leak was described as somewhat minor, compared to the leaks of Hotspot Shield and PureVPN.
“We believe that most other VPNs suffer from similar issues, so the fast response of Hotspot Shield is something we think is worth commending,” wrote vpnMentor. “We felt that they worked with our research team in a fast and serious manner and that they care for their users. They took our research as help for improvement rather than criticism.”
“Since the vulnerabilities in PureVPN and Zenmate are still not fixed, we are only sharing information about the vulnerabilities that were found and patched in HotSpot Shield,” the website disclosed. “We advise users of PureVPN and Zenmate to be wary of the leaks they may face and check with their VPN providers for an immediate fix.”
All the IP leaks were apparently associated with PAC scripts and were found in the Chrome plug-in. It seems that the mobile and desktop apps were not affected by these vulnerabilities.
And the website warned that these leaks are a worrying development.
“VPNs are not as safe as many may think,” it warned. “The fact that we found leaks in all the VPNs that we tested is worrying. Our guess is that most VPNs have similar leaks and that users should take this into consideration when using VPNs.”
The use of VPNs is considered by some to be controversial, but others argue that these tools ensure user privacy when web surfing.
However, since 2013 leaks from NSA whistleblower Edward Snowden have suggested that certain intelligence agencies have a tool that can used to crack VPNs.
In 2015 Netflix reportedly began blocking subscribers who access the streaming site via VPNs, proxies and other services that can bypass geographical restrictions placed on the service.
That action was apparently taken after pressure from movie studios and production companies, who reportedly lobbied Netflix to block such technology as it was affecting their licensing agreements.
Can you protect your privacy online? Take our quiz!