vpnMentor has revealed that 21 million records were leaked on Telegram, exposing the email addresses and hashed passwords of the users of several VPNs.
The dump, exposing users from several VPN services including GeckoVPN, SuperVPN, and ChatVPN, was initially offered for sale on the dark web back in 2021. It is now posted for free on Telegram.
The breach contains 21 million records, counting 10 GB of data, exposing about 21 million people (the records appear to be unique).
Overall, the database contains:
- Email addresses
- Full names
- Country names
- Randomly generated password strings
- Billing details
- Premium status and validity period
It appears that the passwords were either hashed and salted or random, without collision. This means each password hash is different, making them harder to crack.
99.5% of the email addresses were Gmail accounts, which is much higher than the average percentage.
This may also mean the group who leaked the dump shared a subset of the data and not the full dump.
We’ve reported that hiring is only going to get harder.