Super VPN Breach: 360 Million Records Exposed and Security Questions Raised


A Major Data Breach Implicates Super VPN in Exposed User Records

A cybersecurity researcher discovered an unprotected database that exposed more than 360 million customer records tied to the popular Super VPN service. The finding was shared in a technical blog post and later cited by VPNMentor as part of its reporting on secure data handling and breaches.

The database, about 133 gigabytes in size, reportedly contained information covering the full scope of Super VPN users. Included were email addresses and links to sites visited while using the service, painting a detailed picture of user activity and online behavior.

Additional data appeared to include lists of the servers that users connected to, unique session identifiers, secret keys, device details such as smartphone models, and other device identifiers. This combination of authentication tokens and device information could pose serious risks if misused, underscoring the critical need for strong data protection practices.

The research highlighted that Super VPN is a widely used service, with more than 100 million downloads across major app stores. While impressive in reach, the lack of publicly available information about the company’s physical location raised questions about governance, transparency, and the security measures in place for a free service of this scale, according to the researcher’s assessment.

In a separate development, users of Windows 11 reported a noticeable drop in VPN performance after applying the May operating system update from Microsoft. The timing suggested potential interactions between the OS update and VPN software that could affect connection speeds, security settings, or network routing configurations. Observers advised validating VPN configurations and staying informed about compatibility notes issued by both the VPN provider and Microsoft.

Experts emphasize that unprotected databases, weak access controls, and insufficient encryption create fertile ground for data exfiltration and identity theft. Organizations offering free or freemium VPN services often balance user accessibility with risk, and this incident serves as a reminder that data handling practices must keep pace with growth. Stakeholders should conduct comprehensive risk assessments, implement multi-factor authentication where possible, and establish robust monitoring to detect anomalous access patterns. When breaches occur, rapid containment, transparent disclosure, and user guidance become essential to minimize harm and preserve trust. In the broader security community, the event is viewed as a cautionary tale about the importance of ongoing security quality assurance and the value of independent audits. (Attribution: cybersecurity research community)
