On July 7, a Cybernews researcher discovered an open ElasticSearch instance containing 626GB of VPN connection logs during a routine check-up using open-source intelligence (OSINT) methods. This amounted to a database containing a staggering 5.7 billion entries, including user IDs, what IP addresses users were connecting to and from, domain names, and timestamps.
“This leak is significant, because the leaked data could be used to de-anonymize and track the users of this app,” said Aras Nazarovas, the researcher who led the investigation into the freeware. “Analysis of the Android app also shows that it is capable of functioning as spyware, and has remote code execution capabilities.”
read more
“This leak is significant, because the leaked data could be used to de-anonymize and track the users of this app,” said Aras Nazarovas, the researcher who led the investigation into the freeware. “Analysis of the Android app also shows that it is capable of functioning as spyware, and has remote code execution capabilities.”
read more