HotSpot Shield, PureVPN & ZenMate found leaking users real IP addresses
According to researchers, after an in-depth research, it has been discovered that three VPN service providers with millions of customers worldwide are leaking sensitive data such as users’ IP addresses – These VPNs include HotSpot Shield, PureVPN, and Zenmate.
The purpose of using a VPN depends on the situation but mostly people opt-in for VPNs to fight online censorship by accessing websites that are blocked by their ISPs while some chose to use VPN for anonymity and better privacy.
But what happens when the VPN you thought was protecting your privacy was actually posing a threat to it? You can be under malicious organizations surveillance, hackers can track your IP address and identify your ISP or on a business level, it can allow attackers to carry distributed denial-of-service (DDoS) attacks.
According to VPN Mentor’s blog post, in order to find vulnerabilities in HotSpot Shield, PureVPN, and Zenmate VPN Mentor hired three ethical hackers who after testing concluded all three VPN have been leaking IP address of the user, even when a VPN is in use posing a massive privacy threat.
Out of three hackers, one has decided to keep their identity hidden while one going by the online handle of File Descriptor while the other Paulos Yibelo.
According to the findings, HotSpot Shield was filled with three vulnerabilities.
The first vulnerability (CVE-2018-7879) allowed remote attackers to cause a reload of the affected system or to remotely execute code.
The second and third vulnerabilities (CVE-2018-7878 & CVE-2018-7880) leaked IP and DNS addresses.
HotSpot Shield was quick to respond to researchers regarding the vulnerabilities and patched all vulnerabilities professionally and timely protecting millions of its users from what could be a serious threat if exploited.
In PureVPN and Zenmate, researchers also found that loopholes similar to Hotspot Shield may leak user sites and IP addresses. However, because they did not receive a response from both manufacturers, they did not specify the loopholes of both, but they appealed for two products. The user pays attention and confirms with the manufacturer.