We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

10GB Database Exposing VPN Users Dumped (for Free) on Telegram

vpnMentor Research Team Cybersecurity and Research Lab

21 million records were leaked on Telegram, exposing the email addresses and hashed passwords of the users of several VPNs.

The SQL dump was posted on Telegram on May 7th, 2022.

SQL dump post in telegram

The dump, exposing users from several VPN services including GeckoVPN, SuperVPN, and ChatVPN, was initially offered for sale on the dark web back in 2021. It is now posted for free on Telegram.
The file, a Cassandra database dump, is dated 2021-02-25.

Note that we reported a leak affecting SuperVPN back in 2020, but it seems that the released information is different from our previous report.

The breach contains 21 million records, counting for 10 GB of data, exposing about 21 million people (the records appear to be unique).

Overall, the database contains:

  • Email addresses
  • Usernames
  • Full names
  • Country names
  • Randomly generated password strings
  • Billing details
  • Premium status and validity period

logs describing user accounts, passwords, email addresses and more

It appears that the passwords were either hashed and salted or random, without collision. This means each password hash is different, making them harder to crack.
99.5% of the email addresses were Gmail accounts, which is much higher than the average percentage. This may also mean the group who leaked the dump shared a subset of the data and not the full dump. It is important to note that for ethical reasons, we do not keep the data. We only keep a sample for the purpose of our research.

GeckoVPN, SuperVPN, and ChatVPN are all free VPN service providers.

You can see a full breakdown of the data exposure in the table below.

Where and when was the leak posted? Telegram, on May 7th, 2022
Companies affected GeckoVPN, SuperVPN, and ChatVPN
Size of the exposure 10 GB, 21 million records
Number of affected users Approx. 21million

Potential Impacts

VPN users value their privacy and anonymity, making their data more valuable when exposed. When their personal details are leaked, they may become victims of blackmail. For some users, even just the fact that they are using a VPN may put them in danger, and others use a VPN to hide certain things they wish to keep private. A common scam among hackers in the last few years is when they send out blackmail emails declaring they have sensitive information about sites the user visited, and will expose it if not given a certain amount of bitcoin. When they get access to a group of people who value their privacy, such scams may become more profitable for malicious actors.

Bad actors could send phishing messages and scams to exposed users via email, using their full name and other personal details that only the company could know about, such as usernames, countries, or billing details, to build trust.

Furthermore, if hackers manage to access a password, they can seize control of a user's account and exploit their premium status.

Another critical risk would be for this database to end up in the hands of a restrictive government in a country where VPN use is banned or access to certain sites is blocked. This would allow the authorities to potentially arrest dissidents and VPN users.

What Should You Do If You Think You’re Affected?

You may want to take some steps to protect your data if you use one of these VPNs or if you fear that your account may be compromised.

If you haven’t done this yet, you should change your VPN account password immediately, opting for a random mix of upper and lower case letters, numbers, and symbols for maximum security.

You should also ignore any suspicious SMS messages and emails and educate yourself about phishing attacks, scams, malware, and other forms of cybercrime.

What Are Telegram Leaks and Why Should You Care?

As previously reported by our team, hackers are making more and more use of platforms like Telegram to communicate and share information about data breaches.

Telegram uses encryption and offers its users some anonymity. It is also easily accessible and doesn’t require any technical skills. This makes it the perfect platform for hackers to post data breaches, even more so if they want more people to have access to them.

Our cybersecurity researchers scour Telegram and the dark web to find the latest cyberattacks and data breaches. Hackers often post information on these channels before the cybersecurity incident is publicly known.

By reporting on these incidents, we’re able to inform potentially affected parties earlier so that they can act quickly to protect their data.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

vpnMentor Research Lab is a pro bono service that strives to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address