18.5 GB of data of BeanVPN service users were in the public domain


Cybernews experts have discovered an open database containing 18.5 GB of connection logs of the BeanVPN VPN service. The database contains more than 25 million records of diagnostic information of users, including:

  • User device IDs;
  • ID of Play Service services;
  • IP addresses;
  • connection timestamps.

“The information can be used to deanonymize BeanVPN users and determine their approximate location using the service’s databases GeoIP. Play ID Service allows you to determine the user’s email address that is linked to the services Google», — said Cybernews security researcher Aras Nazarov.

The discovered ElasticSearch database is now closed. The researchers reported the open database to BeanVPN developer IMSOFT, but the company did not comment on the situation. It seems that IMSOFT has violated its own privacy policy, which states that they collect “only the minimum data necessary for the operation of a world-class VPN service”, — the experts said.

The company states that it strives to protect users’ information by “best-in-class means of physical, procedural and technical security” to protect their offices and information repositories. However, according to publicly available information, the company’s only office is located in an apartment building in Bucharest, Romania.

BeanVPN Application
Supported only by Android devices and downloaded from Google Play Store more than 50,000 times. In addition, the website Beanvpn.com It is used to promote another application of the company — Telefly MTProto proxy servers for Telegram.

Start a discussion …