According to analysts, the VPN provider LimeVPN has been hacked, affecting 69,400 user records. Before taking down the company's website, a hacker claims to have taken the company's entire client database. According to PrivacySharks, the stolen details include user names, plaintext passwords, IP addresses, and billing information. The attack also contained the public and private keys of LimeVPN users, according to the researchers.
“The hacker informed us that they have the private keys of every user, which is a serious security issue as it means they can easily decrypt every LimeVPN user’s traffic,” the firm said in a posting. Experts are concerned about the possibility of decryption because VPNs tunnel all of their users' internet activity, which could be a gold mine of information for cybercriminals.
The entire alleged stockpile has been listed for sale on the hacker forum RaidForums. The hacker, who goes by the handle "slashx," initially stated that the database included 10,000 documents for $400 (on Tuesday) before increasing the number (on Wednesday). According to Slashx, the heist was carried out through a security breach, rather than an internal threat or an older attack. The site then went offline on Thursday, presumably due to a virus intrusion. “Worryingly, our access was blocked by Malwarebytes [antivirus protection] due to a potential trojan found on the site,” PrivacySharks claimed.
LimeVPN verified the data breach, according to a PrivacySharks spokesperson, and the hacker who took the database also claimed responsibility for the site's outage. LimeVPN alerted RestorePrivacy that "our backup server has been compromised" and that it had "reset our access passwords and initiated a system audit," according to RestorePrivacy, which confirmed the leak separately. Both groups of researchers made contact with the perpetrator and examined samples of the alleged data.
RestorePrivacy researchers observed that transaction details for users buying the service were available (as in dollar amounts and payment method), but real payment-card data or bank details were not included while evaluating the available sample data offered by slashx.“This is because the VPN uses a third-party payment processor called WHMCS,” the firm noted. “However, the hacker claims to have obtained the entire WHMCS database with the LimeVPN hack.”
“Even though LimeVPN is not a large provider like Surfshark or NordVPN, the fact that its entire database was scraped raises the question of security among VPN providers,” Cliff Durward, PrivacySharks’ head of security said. “Although most VPN companies, like LimeVPN, employ no-logs policies, identifiable data such as email addresses and payment information can still be stolen and sold if security breaches occur.”
