Security Alert: Two Major VPN Providers Hacked

VikingVPN is on high alert after two major VPN providers have been compromised this week in what looks to be a black-hat attempt to destroy competition by an unknown actor. The profiles of the attacks appear to be that the attackers are trying to deface or damage the companies rather than gain customer information. This points to an actor from the industry either acting on its own, or hiring mercenary hackers to damage competitors reputations.

Earlier this week, EarthVPN appears to have suffered a major breech via SQL injection attack. It is discussed here. EarthVPN comments in the thread saying that users should not be concerned about the breach because the passwords are hashed, which is abysmally bad policy. A weak hashed password can be broken in minutes. They should be mass emailing their users to change their passwords immediately, or generating new temporary passwords for everyone and advising them to the situation. Falling victim to a SQL injection is also very unprofessional, as it is one of the oldest types of attacks on the internet that is a persistent threat to databases of customer information.

Today, PureVPN appears to have lost control of their mailchimp account. Clients have reported receiving an email saying that they are "discontinuing service due to a government investigation" and instructed users to do chargebacks on the credit cards or file paypal disputes to recover their money because "their accounts are frozen". PureVPN created this post upon discovery of the problem. They are still investigating how the intrusion occurred.

Edit: Users are now reporting that some active accounts no longer have access to the network for PureVPN. The attacks may have compromised the website or VPN servers, or a DDoS against some PureVPN servers may have begun.

< last
next >