Hacker obtains data on thousands of VPN users

User records from a popular no-logs VPN service were obtained following a data breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A hacker has managed to steal the entire contents of aVPNprovider’s website server and they are currently in the process of trying to sell thousands of user records on a popular hacker forum.

As reported by the privacy-focused review sitePrivacySharks, theno-logs VPNserviceLimeVPNhas fallen victim to a massive data breach that puts more than 69,000 users of its service at risk.  A hacker who goes by the handle ‘slashx’ recently posted onRaidForumsadvertising the fact that they had obtained LimeVPN’s entire database and wanted to sell it for $400 in Bitcoin.

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.

Click here to start the survey in a new window«

PrivacySharks then contacted slashx to learn more about the breach and its researchers discovered that the scraped data from the VPN provider’s website includes records from its WHMCS billing system as well as account details including usernames, email addresses and passwords.

The hacker also toldPrivacySharksthat they are in possession of the private keys of every LimeVPN user which means they can easily decrypt each user’s traffic.

LimeVPN data breach

In order to gain new customers and retain their current customers, VPN providers must reassure users that their data will remain private and secure when using their services. In this instance though, LimeVPN’s image is now in question as the company had its entire database scraped as the result of a security breach.

At the same time though, LimeVPN’s no-logs policy will also likely face additional scrutiny because if the company didn’t keep logs on its users, then why was a hacker able to obtain them from its site. This is whyExpressVPN,NordVPNand many of the other top VPN providers in the industry have undergoneindependent auditsto backup the claims of their no logging policies.

Just asPrivacySharksreached out to LimeVPN for a comment on its recent data breach, so too didTechRadar Proand we were also unsuccessful at getting in touch with someone from the company. Additionally, in the time sincePrivacySharkspublished itsblog poston the matter, LimeVPN’s website went down and slashx is now selling the company’s entire website backup at a much higher price.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While contacting LimeVPN may have been an option for the company’s customers at the onset of the breach, PrivacySharks now recommends that users change their passwords, order a new credit card and consider investing inidentity theft protection.

We’ll likely hear more regarding this data breach once LimeVPN releases an official statement on the matter which could take some time as the company’s site is still down at the time of writing.

ViaPrivacySharks

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)