Free VPN software provider BNVPN About 20GB of connection logs are said to have been left inaccessible to the public, according to an investigation by. Cybernews.
The 18.5GB connection log cache contains over 25 million records, including user device and play service ID, connection timestamp, IP address, and more.
CyberNews says it found the database using an elastic search example during a routine checkup, which the company has now reportedly shut down.
However, if sorted by malicious actors, the information can be used to free anonymous users and thus identify BeanVPN users and their approximate location.
“The Play Service ID can also be used to find the user’s email address with which they signed in to their device,” explained Aras Nazarov, a security researcher at CyberNews.
According to the VPN provider’s website, however, its privacy policy explicitly states that they do not collect logs of user activity, including “logging of browsing history, traffic destination, data content or DNS queries.”
The Privacy Policy further states that BeanVPN does not collect IP addresses, outgoing VPN IP addresses, connection timestamps or session durations.
These claims would be in stark contrast to the information obtained by CyberNews, which would contain data on virtually all users BeanVPN says it does not collect.
The agency did not immediately respond to a request for comment Infosecurity Magazine requests comment on this topic, and we will update this article as soon as it becomes available to us with any relevant information.
VPN is a useful tool for enhancing one’s privacy and security. However, according to Ite Maur, senior director of security strategies at the Cato Network, they could reduce the adoption rate for a number of initiatives due to the various post-epidemic trends.
