The data of users of several VPN-services was SQL dumped on Telegram. A total of 21 million entries were leaked, including e-mail addresses, names and passwords.

The dump revealed the data of users of several VPN services, including free GeckoVPN, SuperVPN and ChatVPN. The dump was first put up for sale in Darknet in 2021. The database file is dated February 25, 2021. Now it has been published for free in Telegram.

It looks like the entries in the file are unique, so the dump could have affected 21 million users. In general, the database contains:

  • E-mail addresses
  • Login
  • Full names
  • Names of countries
  • Randomly generated password strings
  • Payment Details
  • Premium status and validity

It seems that the passwords in the file are either hashed and “salting”, or random, without collisions. This means that the hash of all passwords is different and will be harder to crack.

99.1% of addresses are for Gmail accounts. This is much higher than the average share – and may mean that only part of the stolen data is freely available.

VPNs are commonly used for privacy and anonymity, so a dump can cause a lot of trouble. For example, if it was used by members of the LGBTQ community, which is banned in certain countries. Hackers can blackmail such users.

Attackers can also send phishing emails using real data to gain trust, or pick up passwords and hack accounts. If the database falls into the hands of the government, which bans certain resources or VPN services, it could lead to the arrest of dissidents.

Those who may have suffered from a dump are advised to change the password of their VPN account account as soon as possible. The new password should be as strong as possible, containing a combination of numbers, uppercase and lowercase letters.

Suspicious emails and SMS should also be ignored so as not to fall victim to criminals.