A vulnerability in a popular VPN application that compromises the privacy of millions of users

The primary purpose of VPN applications is to protect your privacy on the Internet and avoid tracking your activity on the latter. Therefore, it would be a bad thing to create a security vulnerability in this type of service because it would present user data and privacy at risk. Last week, a security vulnerability was discovered in AnchorFree Hotspot Shield VPN, which is used by more than 500 million people worldwide.



VPN services protect user activity on the Internet by using specially encrypted servers, making it difficult to identify users and spy on what they do on the Internet. Many rely on these services only for this reason, particularly those in countries where the government places Internet restrictions to suit its own objectives.

Paulos Yibelo found this vulnerability, which they said was causing users to leak information such as the name of the country they were in, whether they were connected to the Internet, and the name of the WiFi network. This information can be used to narrow down users by linking the WiFi network name to publicly available data.

ZDNet reported that the Paulos Yibelo team used special code to prove the vulnerability, which revealed that they already detected the AnchorFree Hotspot Shield VPN network even when connected to a VPN service. It is worth mentioning that this vulnerability was tested on multiple devices and different networks and the team got the same result.

"We are committed to the safety and security of our users, and we will issue a new update this week that will remove the component that can leak even public information," AnchorFree said. Indeed, AnchorFree has now released the patch for this vulnerability as part of version 7.4.6 of the AnchorFree Hotspot Shield application.