ActMobile

In October 2021 a massive data exposure was identified involving ActMobile a prominent American VPN provider. The incident originated from an unsecured database that was left open to the public internet without password protection. This misconfiguration allowed unauthorized access to sensitive user information including unique email addresses and hashed passwords. Cybersecurity researchers discovered the open instance before the data was subsequently exfiltrated and shared on various underground hacking forums. The breach highlights significant risks associated with logging practices of VPN services that claim to maintain privacy while inadvertently storing identifiable user credentials and connection logs.