One of the many reasons people choose to use VPNs is because they’re designed to encrypt your data and also guard your privacy. That is pretty much its main selling point, where you can use it when you’re on public WiFi or if you simply rather not have your internet provider know what you’re up to.
However, it appears that over in Hong Kong, Comparitech’s Bob Diachenko discovered that there were several VPNs who were logging user data, despite the fact that they advertised that they did not embark on such practices. This included nearly 1TB worth of records in an Elasticsearch cluster by UFO VPN.
The logs contained data such as account passwords, tokens, IP addresses of user devices, and VPN servers that these users connected to, all of which appeared to be stored in plaintext format which basically allowed anyone to view them. When UFO VPN were alerted to the issue, they blamed the coronavirus pandemic for the issue, stating that due to “personnel changes”, it prevented its staff from securing the database’s networking.
UFO VPN is not alone in this as several other Hong Kong-based VPN services were found doing the same thing. As for UFO VPN, they claimed that these logs were kept for traffic-performance monitoring, even though that seems to go against the company’s claims that they do not track user activities.