We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About vpnMentor's Research Lab

The Research Lab is a pro-bono service created to help the online community defend itself against cyber threats, while helping organizations and businesses protect their users’ data.

This project allowed us to help researchers disclose some of the most impactful data leaks in recent years.

 

 

The Research Lab in Numbers

We founded the Research Lab in early 2019, and since then, we’ve worked with data privacy agencies, Computer emergency response teams (CERTs), and businesses across the globe.

105+Cyber Security Reports Published
60+Countries Involved
*130+Companies Exposed
455+MPeople Affected
Billionsof records found
9Leaks involving government agencies / employees

 

* Note: many of the reports we publish concern developers of B2B and enterprise software. These companies process and store data from companies around the world. Based on this, we estimate the true reach of the data leaks to be 10,000s of companies, although we cannot give an accurate estimation.

Impact of Our Work

To confirm that our project has a real, significant impact, we undertook a quick investigation to learn how the hacking world was responding to our reports.

By joining some popular hacking forums, including a few on the dark web, we were able to see what people were saying about the data leaks, breaches, and vulnerabilities we were helping to close.

Once a report about a leaked database is published, there is no longer value in hackers hiding the fact that they had also secretly hacked the same database. Hackers often don't disclose data leaks, so they can access any new records added to the database.

However, once a leak is secured, and they're no longer able to profit from it, hackers often openly announce, discuss, and offer to sell information on the leak. They may also try to sell any data from the leak that they downloaded and is no longer available to other hackers.

Using a sample of our 56 reports, we found discussions between hackers, confirming that they're following our work. Hackers were actively trying to exploit the vulnerabilities covered in the reports we published or had previously accessed databases now made secure through our project.

We made some interesting observations in our investigation, including:

  • For 17% of the reports, hackers were actively asking and searching for access to the leak in question.
  • 8.9% of the leaks we published reports on were already being sold on hacker forums, with varying degrees of accesses at different prices.
  • One leak received tremendous attention after our report was published, with hackers even thanking each other. This suggested some people may have already found the leak and released details about it before it had been disclosed to the company and fixed. Alternatively, the company may have thought they fixed the issue, but the database was still accessible again later, due to another vulnerability. An issue like this is known as a fail-patch.

The fact that the reports are getting so much attention from the hacking community shows our work has a real, positive impact.

Who Shared Our Reports

Through the Research Lab’s work, over 450 million people and 120+ companies were informed about the risks they face, in just 4 years.

As you can imagine, this has created huge interest in the project.

The most significant discoveries have been reported by the biggest websites in the world.

You can read some of our most significant findings on the following websites:

Previous Reports

The data leaks and vulnerabilities we’ve shared have been incredibly varied, including everything from dating apps and educational platforms to biometric security firms and the US military.

Keep reading to see some notable examples.

Business and Finance

 E-commerce

iOS and Android Apps

Security and Data Privacy

Travel