LimeVPN suffers from major data breach, over 69,000 users at risk
Using a Virtual Private Network (VPN) is meant to help keep you safe and anonymous online, but what if that VPN gets hacked? In the case of LimeVPN, that means over 69,000 users have had their personal information stolen and offered for sale to the highest bidder.
As PrivacySharks Reports, LimeVPN has confirmed that its backup server has been hacked and its website is down. If you try to visit the website, chances are your security software is warning you about a Trojan horse, so it’s best not to try. PrivacySharks also managed to speak to the hacker who hacked into the server, confirming that he also took the website offline and initially gained access through a security hole.
All LimeVPN customers are now at risk because the backup server included a database of their contact details, including username, email address and password, as well as payment information. LimeVPN uses the web hosting automation and billing service known as WHMCS to handle payments. Also of great concern is the fact that the hacker pretends to hold each user’s private key, meaning that any traffic passing through LimeVPN can potentially be decrypted.
The records held by the hacker would be those of more than 69,400 customers. A user called slashx initially put the database up for sale on RaidForums a few days ago for $ 400 in Bitcoin. However, at the time, it was believed that only 10,000 records had been seized. With the total now closer to 70,000, a “much higher price” has apparently been set.
LimeVPN customers can’t do much other than stop using the VPN service (there are many alternatives available), take action to protect the payment method / bank details used to pay service and be on alert for possible identity theft. LimeVPN claims to have a “no-logs” policy, which should mean that no past activity records are available on the breached server, but continued use of the service could create a log now that the hacker is in possession of these private keys.