VPN Leaks

VPN providers claim to carry no logs of user activities. Some providers have been proven to keep logs including users IP addresses.

VPN service Collected and leaked data Source Date
iOS / Android
It has been discovered that under certain circumstances, some of your mobile traffic on iOS and Android has been leaked, ending up outside the security chain created by a VPN tunnel. According to various reports this leakage can include DNS lookups, HTTPs traffic and IP addresses. Malwarebytes 18
Ars Technica 19
Michael Horowitz 20
August 2022
The free VPN app BeanVPN left a database containing 18GB of connection logs exposed to the public. According to Cybernews, the exposed database envelopes more than 25 million records including user device and Play Service IDs, IP addresses and connection timestamps. Cybernews 17 August 2022
SuperVPN GeckoVPN
A database containing 10GB worth of user data was leaked in several Telegram channels. The dump exposed the data of 21 million VPN users including popular free VPN services like SuperVPN, GeckoVPN and ChatVPN. The exposed email addresses and passwords were originally put up for sale on the dark web in 2021 and are now being released on Telegram for free. The leaked user information contains full names, billing details, email addresses and password strings. vpnMentor 16 May 2022
Windscribe disclosed that two VPN servers hosted in Ukraine were seized by local authorities on June 24th, 2021. On the disk of the VPN servers contained an OpenVPN private key, which could have been used to impersonate a Windscribe VPN server and capture traffic running through it. Windscribe had failed to encrypt the servers in question, allowing for the retrieval of the private key. Windscribe severely compromised security claims by failing to follow established industry standards. Ars Technica 15 July 2021
NordVPN was compromised and an internal private key has been leaked. This allows others to set up bogus VPN servers imitating official NordVPN servers. An unknown party had full remote control of the server for a period of time, and they could have used that to scoop up data from some users regardless of whether or not anything is stored on the server. Techcrunch 14 October 2019
Facebook VPN Named Facebook Research VPN, working similar to Facebooks's Onavo VPN
Facebook paid people to install a "Facebook Research" VPN that is similar to Facebook's Onavo VPN app. The VPN app gets roots network access of the user’s phone and lets Facebook spy on all web activity. With the installation of Facebook's VPN app the company can log web browsing activity, scan what apps are used and even decrypt and analyze encrypted traffic. Facebook admitted it was running the VPN to gather data on usage habits.
  • Private messages in social media apps
  • Chats from instant messaging apps (including photos and videos)
  • Emails
  • Web searches
  • Web browsing activity
  • Location information
Techcrunch 13 January 2019
Safe Wi-Fi Verizon’s VPN
The first draft of Verizon's privacy policy states that personal information may be used for marketing purposes. Motherboard 12 August 2018
IP Vanish A StackPath / j2 Global owned company
User logs of US-based VPN service IP Vanish were provided to authorities who were investigating a criminal case.
  • Full name
  • Email address
  • Username
  • Reset password
  • Connection time
Restore Privacy 11 June 2018
Onavo (Facebook's VPN)
Onavo collects device data from users (Wi-Fi data and cellular data usage). Onavo VPN was developed by Facebook to examine phone user's app usage and mobile browsing data. Onavo VPN itself noted it collects the “time you spend using apps, mobile and Wi-Fi data you use per app, the websites you visit, and your country, device and network type.” Security research 10 March 2018
PureVPN was caught logging user data and provided this data to the FBI.
  • Leaks source IP address
  • Keeps time stamp logs (users’ connection time)
FBI affidavit 8 October 2017 9
Hotspot Shield
Hotspot Shield VPN collects large amount of user data and intercepts and redirects web traffic to advertising companies. The VPN service claims to keep no logs of personal user information or online activity while identifying user locations and serving advertisements. FTC complaint 6 August 2017 7
Betternet VPN
  • Tracking users’ activities by various tracking libraries
  • Gives third parties access to users’ computers
  • Contains malware and adware
Academic paper 4 January 2017 5
Hola VPN
Hola VPN sold users' bandwidth for commercial purposes and botnets. Hola's users have been unwitting mercenaries in botnet-for-hire attacks. Bandwith of Hola's users was used to target sites in denial-of-service attacks. Torrentfreak blog 3 May 2015
Proxy.sh announced on it's company blog that the VPN provider monitored and analyzed the traffic on one of its U.S.-hosted VPN servers. Proxy.sh, a VPN with a strict no-logs policy, decided to track some of its VPN network traffic after receiving an abuse complaint about hacking activities on a VPN node based in the United States. Torrentfreak blog 2 September 2013
Hide My Ass
  • Leaks source IP address
  • IP address of the individual VPN server used by HMA customer
  • Logs time stamp when user connects and disconnects to HMA
  • Amount of data transmitted
  • HMA username
HMA blog 1 September 2011