According to VPN Mentor, a private firm which reviews virtual private networks (VPN), after research, it has been discovered that three VPN service providers with millions of customers worldwide are leaking sensitive data such as users’ IP addresses. These VPNs include HotSpot Shield, PureVPN, and Zenmate.
The purpose of using a VPN depends on the situation but mostly people opt-in for VPNs to fight online censorship by accessing websites that are blocked by their ISPs while some chose to use VPN for anonymity and better privacy, information security training professionals said.
But when the VPN you thought was protecting your privacy was actually posing a threat to it. That means that now you can be under government surveillance or malicious organizations, hackers can track your IP address and identify your ISP or on a business level, it can allow attackers to carry distributed denial-of-service (DDoS) attacks.
According to VPN Mentor’s blog post, in order to find vulnerabilities in HotSpot Shield, PureVPN, and Zenmate VPN Mentor hired three ethical hackers who after testing concluded all three VPN have been leaking IP address of the user, even when a VPN is in use posing a massive privacy threat.
It must be noted that the vulnerabilities exist in the Chrome browser plugins for all three VPNs and not in the desktop or smartphone apps.
As per information security training experts report, AnchorFree’s HotSpot Shield was filled with three vulnerabilities. The first vulnerability (CVE-2018-7879) allowed remote attackers to cause a reload of the affected system or to remotely execute code.
The second and third vulnerabilities (CVE-2018-7878 & CVE-2018-7880) leaked IP and DNS addresses which poses a privacy threat to users since hackers can track user location and the ISP.
It must be recognized that HotSpot Shield was quick to respond to VPN Mentor regarding the vulnerabilities and patched all vulnerabilities professionally and timely protecting millions of its users from what could be a serious threat if exploited.
“The fast response of Hotspot Shield is something we think is worth commending. We felt that they worked with our research team in a fast and serious manner and that they care for their users. They took our research as help for improvement rather than criticism,” said the co-founder of VPN Mentor Mr. Ariel Hochstadt.
In PureVPN and Zenmate, information security training researchers also found that loopholes similar to Hotspot Shield may leak user sites and IP addresses. However, because they did not receive a response from both manufacturers, they did not specify the vulnerabilities of both.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.