SuperVPN reports massive Data Breach, compromising 360 million user records

SuperVPN, a popular free VPN service, has experienced a massive data breach resulting in the compromise of over 360 million user records.

The leaked information, totaling 133GB, includes sensitive details such as user email addresses, original IP addresses, geolocation information, secret app keys, unique user identifier numbers, and visited website logs.

Contrary to the claims made by SuperVPN on its support pages of robust privacy and no logging of user data or communication contents, this breach suggests otherwise.

This is not the first incident involving SuperVPN; in May 2022, user details linked to several dubious providers were leaked. The SuperVPN app has been flagged for containing malware in 2016.

SuperVPN appears to be based out of China, a country that has strict regulation on usage of internet and rigidly controls the flow of information. Providing a privacy service like VPN is an obvious conflict of interest for a tool being run out of a country with little to no online privacy. What's more, SuperVPN's terms and conditions include very specific wording banning “subverting state power, undermining national unity or undermining social stability and / or damaging the honor and interests of the State.”