In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The data appeared together in a single file with a small number of records also included from FlashVPN, suggesting that all three brands may share the same platform. Impacted data also included email addresses, the country logged in from and the date and time each login occurred alongside device information including the make and model, IMSI number and serial number. The data was provided to HIBP by a source who requested it be attributed to redredred@riseup.net.
Accounts breached: 20339937
Breached on: February 25, 2021
Exposed data: Device information, Device serial numbers, Email addresses, Geographic locations, IMSI numbers, and Login histories
Domain:
Added on: February 28, 2021