VPN Exposes Data for 1M Users, Leading to Researcher Questioning
The free virtual private network (VPN) service known as Quickfox has been compromised, exposing the personally identifiable information of more than a million users. This marks the latest high-profile VPN security disaster and has led experts to warn that VPNs are increasingly vulnerable to leaks and attacks. Quickfox provides access to Chinese websites from outside the country and users in China, Indonesia, Japan, Kazakhstan, and the US were affected, according to researchers. A total of 500 million records and 100GB of data was exposed.
Researchers at WizCase initially discovered a misconfigured Elasticsearch database belonging to Quickfox. Quickfox allegedly failed to set up security measures for their Elasticsearch server as it did for other databases such as Kibana. The leaked data included emails, phone numbers, information about software on the devices of the 300,000 users exposed, and more sensitive information belonging to Quickfox users.