"BeanVPN leaks 25 million user records"

According to an investigation by Cybernews, free VPN software provider BeanVPN has reportedly left almost 20GB of connection logs accessible to the public. Cybernews stated that the 18.5GB cache of connection logs allegedly contained more than 25 million records, including user device and Play Service IDs, connection timestamps, IP addresses, and more. During a routine checkup, the researchers found the database using an Elasticsearch instance, which the company has reportedly closed. If picked up by malicious actors, the information could be exploited to de-anonymize and thus identify BeanVPN's users and their approximate location. The researchers stated that the Play Service ID could also be used to find out the email address with which the user is signed in to their device. According to the BeanVPN website, its privacy policy clearly states that it does not collect logs of user activity, including browsing history, traffic destination, data content, or DNS queries. The privacy policy also says BeanVPN does not collect IP addresses, outgoing VPN IP addresses, connection timestamps, or session durations. Cybernews stated that BeanVPN is not following its privacy policy, since the cache the researchers discovered contained all the user data BeanVPN says it does not collect.

 

Infosecurity reports: "BeanVPN leaks 25 million user records"

Submitted by Anonymous on