VPN providers claim to carry no logs of user activities. Some providers have been proven to keep logs including users IP addresses.
|VPN service||Collected and leaked data||Source||Date|
|iOS / Android
||It has been discovered that under certain circumstances, some of your mobile traffic on iOS and Android has been leaked, ending up outside the security chain created by a VPN tunnel. According to various reports this leakage can include DNS lookups, HTTPs traffic and IP addresses.||Malwarebytes 18
Ars Technica 19
Michael Horowitz 20
||The free VPN app BeanVPN left a database containing 18GB of connection logs exposed to the public. According to Cybernews, the exposed database envelopes more than 25 million records including user device and Play Service IDs, IP addresses and connection timestamps.||Cybernews 17||August 2022|
||A database containing 10GB worth of user data was leaked in several Telegram channels. The dump exposed the data of 21 million VPN users including popular free VPN services like SuperVPN, GeckoVPN and ChatVPN. The exposed email addresses and passwords were originally put up for sale on the dark web in 2021 and are now being released on Telegram for free. The leaked user information contains full names, billing details, email addresses and password strings.||vpnMentor 16||May 2022|
||Windscribe disclosed that two VPN servers hosted in Ukraine were seized by local authorities on June 24th, 2021. On the disk of the VPN servers contained an OpenVPN private key, which could have been used to impersonate a Windscribe VPN server and capture traffic running through it. Windscribe had failed to encrypt the servers in question, allowing for the retrieval of the private key. Windscribe severely compromised security claims by failing to follow established industry standards.||Ars Technica 15||July 2021|
||NordVPN was compromised and an internal private key has been leaked. This allows others to set up bogus VPN servers imitating official NordVPN servers. An unknown party had full remote control of the server for a period of time, and they could have used that to scoop up data from some users regardless of whether or not anything is stored on the server.||Techcrunch 14||October 2019|
Facebook paid people to install a "Facebook Research" VPN that is similar to Facebook's Onavo VPN app. The VPN app gets roots network access of the user’s phone and lets Facebook spy on all web activity. With the installation of Facebook's VPN app the company can log web browsing activity, scan what apps are used and even decrypt and analyze encrypted traffic. Facebook admitted it was running the VPN to gather data on usage habits.
|Techcrunch 13||January 2019|
|Safe Wi-Fi Verizon’s VPN
User logs of US-based VPN service IP Vanish were provided to authorities who were investigating a criminal case.
|Restore Privacy 11||June 2018|
||Onavo collects device data from users (Wi-Fi data and cellular data usage). Onavo VPN was developed by Facebook to examine phone user's app usage and mobile browsing data. Onavo VPN itself noted it collects the “time you spend using apps, mobile and Wi-Fi data you use per app, the websites you visit, and your country, device and network type.”||Security research 10||March 2018|
PureVPN was caught logging user data and provided this data to the FBI.
|FBI affidavit 8||October 2017 9|
||Hotspot Shield VPN collects large amount of user data and intercepts and redirects web traffic to advertising companies. The VPN service claims to keep no logs of personal user information or online activity while identifying user locations and serving advertisements.||FTC complaint 6||August 2017 7|
||Academic paper 4||January 2017 5|
||Hola VPN sold users' bandwidth for commercial purposes and botnets. Hola's users have been unwitting mercenaries in botnet-for-hire attacks. Bandwith of Hola's users was used to target sites in denial-of-service attacks.||Torrentfreak blog 3||May 2015|
||Proxy.sh announced on it's company blog that the VPN provider monitored and analyzed the traffic on one of its U.S.-hosted VPN servers. Proxy.sh, a VPN with a strict no-logs policy, decided to track some of its VPN network traffic after receiving an abuse complaint about hacking activities on a VPN node based in the United States.||Torrentfreak blog 2||September 2013|
|Hide My Ass
||HMA blog 1||September 2011|