The LimeVPN data breach
The security of around 69,000 users is now at risk
Just a few days ago, the backup database of one of the world’s most popular VPN services, LimeVPN, was hacked. Responsibility for this hack has been claimed by a hacker under the pseudonym slashx. All the data of every single user of LimeVPN was stolen: credit card numbers, usernames, passwords — everything. Slashx then went onto one of the very popular hacking communities called RaidForums and put this data up for sale. And just like that, around 69,000 users of LimeVPN now find their data being sold to the highest bidder. Let us now have a look at what happened.
What is a VPN?
Before we go ahead, we must first understand what a VPN is. A VPN, short for Virtual Private Network, essentially allows you to extend a private network onto a public network, so that you can access data on the public network through your private network. This enables the user to stay secure in their private network and still can access data online. A VPN using different techniques such as tunneling protocols and encryption to keep the data on the VPN secure. You can get a VPN in many different ways. One way is to subscribe to a third-party VPN service such as ExpressVPN. LimeVPN is also one such VPN provider. There are also browsers such as Opera and Brave which have VPNs built into them. Opera is one of the most popular browsers in today’s world, especially with the gaining popularity of Opera GX — the world’s first gaming browser. Brave has a VPN on its iOS app and will soon integrate it onto its computer browser. On the other hand, Brave’s most popular feature that has drawn many users to it recently is that it has Brave shields which also protects you from trackers and other things that could steal your data online. However, the third-party VPNs are also very good to protect your data.
The breach
When slashx hacked into LimeVPN, he actually hacked into the backup database and got all the data from there. The database contains all details of the users like credit card details. Most importantly, it also contains all the private keys of the users which helps encrypt and decrypt any data sent on the VPN. LimeVPN is a no-logs VPN, which means that it keeps no logs of the activity of the users. But with slashx now controlling all these keys, he can essentially decrypt any messages that are sent through the VPN. This means that he can also start making logs of the data. Slashx went onto RaidForums and has put up the data of around 69,000 users up for sale at a starting price of $400 in bitcoin. With this, the security of all of LimeVPN’s users is now at risk. The LimeVPN site has shut down at the moment and accessing the site will trigger the security software on your computer, warning of a trojan horse.
A trojan horse is a method used by hackers to steal information. The term has its roots in Greek mythology, referring to the Trojan war fought between the Greeks and the Trojans at Troy. The decisive maneuver in that war was made by a famous man named Odysseus. He made a plan to make a huge horse, and offer it as a sort of sacrifice to Poseidon, the god of the seas, to grant them safe passage home. The Greeks also let some of their ships go back home, misleading the Trojans that the Greeks has decided to retreat home. They took the horse into their walls, which were almost impenetrable, and held a festival inside. In the dead of the night, soldiers who were hiding inside the horse, jumped out and practically destroyed Troy. One Aeneas, believed to be the son of Aphrodite, escaped from Troy and founded Rome. The story of the Trojan war is chronicled in the Iliad written by Homer, a Greek. He also wrote about the journey of Odysseus as he tried to return home in his book the Odyssey. The stories do seem to be fiction but are quite captivating.
So that’s a short history of the Trojan Horse. Taken from that, in computer terminology, a trojan horse is a malware that looks harmless, but can actually steal information from you. So the site went down and slashx is now selling all the user’s data online. LimeVPN is now trying to retrieve the people’s data and reset the keys and all but it is going to be a very hard battle to fight. If you are a user of LimeVPN, I suggest that you take steps to protect your data straight away. VPNs can be quite safe, but always remember, nothing is perfectly safe.
