A free VPN App with more than 50,000 downloads on Google Play Store left a database of 18.5 GB of connection logs accessible to everyone on the Internet.
Corresponding cyber news, who made the discovery, the exposed database belongs to BeanVPN and contained more than 25 million records, including user device and game service IDs, IP addresses, connection timestamps, and other diagnostic information.
While the ElasticSearch instance has since been secured, Cybernews security researcher Aras Nazarovas stated in a blog entry (opens in new tab) what cybercriminals might do with the information it contains.
“The information found in this database could be used to de-anonymize BeanVPN users and find their approximate location using Geo-IP databases,” Nazarovas wrote. “The Play Service ID could also be used to find out the user’s email address with which they are logged in on their device.”
BeanVPN is developed by a company called IMSOFT…