SuperSoftTech Data Breach (2021)

A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services – SuperVPN, GeckoVPN, and ChatVPN – with 21 million user records being sold in total. The VPN services whose data has been allegedly exfiltrated by the hacker are SuperVPN, which is considered as one of the most popular (and dangerous) VPNs on Google Play with 100,000,000+ installs on the Play store, as well as GeckoVPN (1,000,000+ installs) and ChatVPN (50,000+ installs). The forum user is selling deeply sensitive device data and login credentials – email addresses and randomly generated strings used as passwords – of more than 21 million VPN users for an undisclosed sum. We reached out to SuperVPN, GeckoVPN, and ChatVPN and asked the providers if they could confirm that the leak was genuine but we have received no responses at the time of writing this report. The author of the forum post is selling three archives, two of which allegedly contain a variety of data apparently collected by the providers from more than 21,000,000 SuperVPN, GeckoVPN, and ChatVPN users, including: Email addresses Usernames Full names Country names Randomly generated password strings Payment-related data Premium member status and its expiration date The forum post author is also offering potential buyers to sort the data by country. The random password strings might indicate that the VPN user accounts could be linked with their Google Play store accounts where the users downloaded their VPN apps from.