VPN Leaks

VPN providers claim to carry no logs of user activities. Some providers have been proven to keep logs including users IP addresses.

VPN Service Collected and Leaked Data Source Date
NordVPN
NordVPN was compromised and an internal private key has been leaked. This allows others to set up bogus VPN servers imitating official NordVPN servers. An unknown party had full remote control of the server for a period of time, and they could have used that to scoop up data from some users regardless of whether or not anything is stored on the server. Techcrunch 13 October 2019
Facebook VPN Named Facebook Research VPN, working similar to Facebooks's Onavo VPN
Facebook paid people to install a "Facebook Research" VPN that is similar to Facebook's Onavo VPN app. The VPN app gets roots network access of the user’s phone and lets Facebook spy on all web activity. With the installation of Facebook's VPN app the company can log web browsing activity, scan what apps are used and even decrypt and analyze encrypted traffic. Facebook admitted it was running the VPN to gather data on usage habits.
  • Private messages in social media apps
  • Chats from instant messaging apps (including photos and videos)
  • Emails
  • Web searches
  • Web browsing activity
  • Location information
Techcrunch 12 January 2019
Safe Wi-Fi Verizon’s VPN
The first draft of Verizon's privacy policy states that personal information may be used for marketing purposes. Motherboard 11 August 2018
IP Vanish A StackPath / j2 Global owned company
User logs of US-based VPN service IP Vanish were provided to authorities who were investigating a criminal case.
  • Full name
  • Email address
  • Username
  • Reset password
  • Connection time
Restore Privacy 10 June 2018
Onavo (Facebook's VPN)
Onavo collects device data from users (Wi-Fi data and cellular data usage). Onavo VPN was developed by Facebook to examine phone user's app usage and mobile browsing data. Onavo VPN itself noted it collects the “time you spend using apps, mobile and Wi-Fi data you use per app, the websites you visit, and your country, device and network type.” Security research 9 March 2018
PureVPN
PureVPN was caught logging user data and provided this data to the FBI.
  • Leaks source IP address
  • Keeps time stamp logs (users’ connection time)
FBI affidavit 7 October 2017 8
Hotspot Shield
Hotspot Shield VPN collects large amount of user data and intercepts and redirects web traffic to advertising companies. The VPN service claims to keep no logs of personal user information or online activity while identifying user locations and serving advertisements. FTC complaint 5 August 2017 6
Betternet VPN
  • Tracking users’ activities by various tracking libraries
  • Gives third parties access to users’ computers
  • Contains malware and adware
Academic paper 3 January 2017 4
Hola VPN
Hola VPN sold users' bandwidth for commercial purposes and botnets. Hola's users have been unwitting mercenaries in botnet-for-hire attacks. Bandwith of Hola's users was used to target sites in denial-of-service attacks. Torrentfreak blog 2 May 2015
Hide My Ass
  • Leaks source IP address
  • IP address of the individual VPN server used by HMA customer
  • Logs time stamp when user connects and disconnects to HMA
  • Amount of data transmitted
  • HMA username
HMA blog 1 September 2011