Three Popular VPN Services Leak Users’ IP Addresses

Experts from the VPNMentor website have discovered that three popular VPN services are leaking user data that could be used to identify individuals. Specifically, the services in question are Hotspot Shield, Zenmate, and PureVPN.

A VPN, or virtual private network, allows users to route their internet traffic through other servers, making it harder to identify them. VPNs are especially popular in parts of the world where internet access is restricted or censored. Often, VPN traffic is encrypted in such a way that even internet providers and the VPN services themselves cannot access it.

However, the research found vulnerabilities in these services that could lead to the leakage of real IP addresses and, in some cases, allow the identification of individual users and their locations.

Details of the Vulnerabilities

In the case of Hotspot Shield, three vulnerabilities were found in the Chrome browser extension, specifically in the mechanism for handling proxy auto-configuration scripts. These issues could expose users’ IP addresses and DNS information.

Another vulnerability could allow an attacker to intercept and redirect web traffic to a proxy server, tricking the user into clicking a malicious link.

Hotspot Shield’s developer, AnchorFree, has already fixed these problems, noting that they only affected the browser extension.

Researchers also reported similar issues with Zenmate and PureVPN. According to representatives from PureVPN, the company has already addressed the vulnerabilities. Zenmate representatives have not commented on the situation.