Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPN apps—SuperVPN, GeckoVPN, and ChatVPN.
The attacks, which have not been confirmed by the VPN developers, represent the most recent privacy broadsides against the VPN industry.
https://blog.malwarebytes.com/cybercrime/privacy/2021/03/21-million-free-vpn-users-data-exposed/
