UPDATE 7/2: Further information regarding the LimeVPN hack has been discovered by Restore Privacy, and significantly degrades the severity of the violation.
Further discussions with LimeVPN revealed that the claim that 69,000 users would be affected was in fact an activity log total, with the number of live user accounts closer to 800. LimeVPN also confirmed that his website had not been hacked and all leaked private keys were fake. In fact, 25 WireGuard keys used for beta testing were taken. LimeVPN says, “We have reset all access information, shut down the Wire Guard servers, and separate our billing infra from marketing information.”
The claim that payment information was stolen is also apparently false, with LimeVPN stating that it was only stored transaction data, not actual card or payment details. And as for the leaked passwords, these are the passwords generated automatically for the VPN connection and were all “immediately suspended”.
Any LimeVPN customer concerned about this hack and the security of their personal information are encouraged to contact LimeVPN directly if they have specific questions and read the Restore Privacy article linked above for the most up-to-date and most detailed breakdown. detailed of the violation.
Using a Virtual Private Network (VPN) is meant to help keep you safe and anonymous online, but what if that VPN gets hacked? In the case of LimeVPN, that means over 69,000 users have had their personal information stolen and offered for sale to the highest bidder.
As PrivacySharks Reports, LimeVPN has confirmed that its backup server has been hacked and its website is down. If you try to visit the website, it is likely to be blocked by your security software warning of a Trojan horse, so it is best not to try. PrivacySharks also spoke to the hacker who allegedly breached the server, who confirmed that he also took the website offline and initially gained access through a security hole.
All LimeVPN customers are now at risk because the backup server included a database of their contact details, including username, email address and password, as well as payment information. LimeVPN uses the web hosting automation and billing service known as WHMCS to handle payments. The fact that the hacker claims to hold each user’s private key is also of great concern, meaning that any traffic passing through LimeVPN can potentially be decrypted.
Recommended by our editors
The records held by the hacker are said to be for more than 69,400 customers. A user called slashx initially put the database up for sale on RaidForums a few days ago for $ 400 in Bitcoin. However, at the time, it was believed that only 10,000 records had been seized. With the total now closer to 70,000, a “much higher price” has apparently been set.
LimeVPN customers can’t do much other than stop using the VPN service (there are many alternatives available), take action to protect the payment method / bank details used to pay service and be on alert for possible identity theft. LimeVPN claims to have a “no-logs” policy, which should mean that no past activity records are available on the breached server, but continued use of the service could create a log now that the hacker is in possession of these private keys.