Cybersecurity Experts Find Millions Of Free VPN User Records Have Been Compromised

Cyber Security and Hacking

Cybersecurity Experts Find Millions Of Free VPN User Records Have Been Compromised

Surfing the internet by using a VPN has become rather commonplace as people look to secure their browsing experience in the ever-expanding digital world. VPNs are usually a safe bet to not only access restricted content worldwide but also encrypt your data and prevent it from being leaked to hackers and the like.

But that’s exactly what happened with Bean VPN.

The best VPNs out there are paid VPNs but not everyone can afford to pay for the subscription neither do they want to go through all the hassle when they can just download the  best vpn services for free. So, in the search for this free VPN, they downloaded “Bean VPN,” and then they became victim to a user data leak that shocked the VPN world.

In this blog, we will take a look at what exactly transpired with this leak and how many people it affected. 

Millions Become Victim Of Bean VPN User Data Leak

Cybersecurity Experts Find Millions Of Free VPN User Records Have Been Compromised
Brief Background on Bean VPN

Bean VPN has been in the game for some time now and it garnered a name for itself by being the VPN that offered the best features, connectivity, security, and speed that a VPN could offer, all the while remaining free and available to the general public without having to get a subscription.

Owned by IMSOFT, a company that touts its data privacy policy of not keeping any user data logs, timestamps, or storing any IP addresses, Bean VPN pushed forward the same values. This created a belief that Bean VPN was a safe free alternative to the paid VPNs out there. The reality, on the other hand, was much more different. 

Violating Their Privacy Policy

The reality is that Bean VPN does log all those things. It logs your IP addresses and timestamps, and logs of the sites you visit and the files you download. This is in direct violation of its own privacy policy.

This violation makes the VPN unsafe, as it tracks your activity on the internet. It gathers your private data, which it can then sell to a third party or it can be liable to supply it to the government of the country where it houses the data.

Additionally, it makes it vulnerable to hacks and attacks, which could then lead to a data leak. Like what happened in this case. Had it not been for violating its own privacy policy, there wouldn’t have been any data to leak. 

The Leak – As It Happened

The leak itself had been present from day one due to Bean VPN’s violation of its own users’ privacy. Analysts found out the data leak itself; white-hat hackers and researchers came across an unsecured server. When they entered the server, they were shocked to find an entire database, worth 18.5 GBs of data, just sitting there.

The database had over 25 million records, which is a staggering number to comprehend. It contained timestamps, IP addresses, device IDs, Play service IDs, and so much more. This data was just sitting there on the unsecured server. Exploitable by anyone.

Cybersecurity researchers at Cybernews found this leak. They found this and immediately made their findings public. One researcher informed everyone that this data could easily be used to find out the real identity of the users of Bean VPN. And even be able to approximate their locations using the geo-IP database.

The Play service ID data was also a vulnerability. With the researcher saying that email addresses of all users could easily become viewed through this feature, further endangering their privacy and digital presence.  

How You Can Avoid This

It seems that even if a VPN claims that they have your best interests at heart. And they tout their privacy and security features. As a result, you can’t really believe a VPN unless it’s proven that they are really safe.

So, choosing proven VPNs is the way to go. But the reality is that to do that, you would have to pay something. Free VPNs, as attractive as they sound, are wholly unreliable. Even the most popular free VPN in the world, SuperVPN. Moreover, is highly unsafe for use and has a lot of vulnerabilities that can become exploited.

So, moving towards paid VPNs is what we would recommend. VPNs such as ExpressVPN, NordVPN VyprVPN, Surfshark, and the like provide the real security and privacy features, such as a kill switch, 256-Bit AES encryption, strict and tested no-logs policies, split tunneling, and much more. 


VPNs should ultimately free you from worry about your data privacy. They should help you unlock content while keeping you safe on the internet. Free VPNs are not able to do that properly. Due to this, data leaks have become more and more common among them.

Bean VPN is just one example out of the hundreds out there. And it has faced severe backlash for leaking the data of over 25 million people. So, if you’d rather avoid that, then we recommend going for a paid and proven VPN that can give you the assurance you need.

Cyber Security and Hacking