Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

• Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

• Affiliate Commissions

While vpnMentor may receive commissions when a purchase is made using our links, this has no influence on the reviews content or on the reviewed products/services. We provide direct links to purchase products that are part of affiliate programs.

• Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

About vpnMentor's Research Lab

Table of Contents

The Research Lab is a pro-bono service created to help the online community defend itself against cyber threats, while helping organizations and businesses protect their users’ data.

Our cybersecurity analysis research team, led by renowned analysts Noam Rotem and Ran Locar has discovered and disclosed some of the most impactful data leaks in recent years.

We’ve also worked with many anonymous ethical hackers, who have been inspired by the Research Lab to reach out and share leaks they discover.

The Research Lab in Numbers

We founded the Research Lab in early 2019, and since then, we’ve worked with data privacy agencies, Computer emergency response teams (CERTs), and businesses across the globe.

85+Cyber Security Reports Published
60+Countries Involved
*100+Companies Exposed
400+MsPeople Affected
Billionsof records found
7Leaks involving government agencies / employees

 

* Note: many of the reports we publish concern developers of B2B and enterprise software. These companies process and store data from companies around the world. Based on this, we estimate the true reach of the data leaks to be 10,000s of companies, although we cannot give an accurate estimation.

Impact of Our Work

To confirm that our work has a real, significant impact, we undertook a quick investigation to learn how the hacking world was responding to our reports.

By joining some popular hacking forums, including a few on the dark web, we were able to see what people were saying about the data leaks, breaches, and vulnerabilities we were helping to close.

Once a report about a leaked database is published, there is no longer value in hackers hiding the fact that they had also secretly hacked the same database. Hackers often don't disclose data leaks, so they can access any new records added to the database.

However, once a leak is secured, and they're no longer able to profit from it, hackers often openly announce, discuss, and offer to sell information on the leak. They may also try to sell any data from the leak that they downloaded and is no longer available to other hackers.

Using a sample of our 56 reports, we found discussions between hackers, confirming that they're following our work. Hackers were actively trying to exploit the vulnerabilities we'd worked to resolve or had previously accessed databases now made secure through our reporting.

We made some interesting observations in our investigation, including:

  • For 17% of the stories, hackers were actively asking and searching for access to the leak in question.
  • 8.9% of the leaks we'd discovered were already being sold on hacker forums, with varying degrees of accesses at different prices.
  • One leak received tremendous attention after our report was published, with hackers even thanking each other. This suggested some people may already found the leak and released details about it before it had been disclosed and fixed. Alternatively, the company may have thought they fixed the issue, but the database was still accessible again later, due to another vulnerability. An issue like this is known as a fail-patch.

The fact that our reports are getting so much attention from the hacking community shows our work has a real, positive impact.

By finding these leaks and sharing them with the companies involved, we've helped protect millions' of people from hacking, online attacks, and much more.

Who Shared Our Reports

Through the Research Lab’s work, we’ve helped secure the data of over 100 million people in just twelve months.

As you can imagine, this has created huge interest in our work.

Our most significant discoveries have been reported by the biggest websites in the world, becoming huge stories, and quickly going viral.

You can read some of our biggest findings on the following websites:

Previous Reports

The data leaks and vulnerabilities we’ve reported have been incredibly varied, including everything from dating apps and educational platforms to biometric security firms and the US military.

Keep reading to see some notable examples.

Business and Finance

Icon

Ecuadorian firm Novaestrat was leaking records for over 20 million people in the country, including a large amount of sensitive PII data.

Icon

Million's of India's BHIM e-payments app users were exposed by a website promoting the app across the country.

Icon

TrueDialog put millions of Americans at risk after leaking a massive amount of private data, including tens of millions of private SMS text messages.

Icon

Tech Data Corporation, a Fortune 500 company working around the world, exposed over 264GB of client data.

Icon

Freedom Mobile exposed 1,5 million Canadian customers’ full credit details in a huge nationwide data breach.

Icon

A data breach from an unknown source exposed 80 million US households to various forms of fraud and attack.

 E-commerce

Icon

Chinese e-commerce platform Gearbest exposed over 1.5 million customer records by leaving a sensitive database completely unsecured.

Icon

Adult site PussyCash leaked extremely sensitive data from its ‘cam’ affiliate network and other adult websites, exposing over 875,000 incredibly risky files.

iOS and Android Apps

Icon

Digital wallet Key Ring jeopardized the security of its 14 million users in a data leak that exposed IDs, driver licenses, credit cards, and more.

Icon

Aspire News App, built to help domestic abuse victims, exposed 1,000s of users' pre-recorded emergency distress messages and personal information.

Icon

Numerous niche dating and hook up apps exposed 100,000s of users, by leaking potentially embarrassing and incredibly sensitive images to the public.

Security and Data Privacy

Icon

7 popular free no-log VPNs left their server completely open, exposing activity logs, personal details, and private data for over 20 million people.

Icon

Biometric Security Firm Biostar exposed user fingerprints, facial recognition data, and more from secure locations across the globe, affecting millions.

Travel

Icon

Travel platform Autoclerk leaked the personal data of 1,00s of hotel guests globally, including members of the US military, defense, and intelligence agencies.

Introducing The Leak Box

To further pursue our mission to make the internet safer for everyone, and ensure as many data leaks are being detected and reported as possible, we’ve built The Leak Box.

The Leak Box is a custom-built tool that allows ethical hackers anywhere in the world to anonymously report data leaks, vulnerabilities, and more. Built and hosted on the Dark Web, its impossible to trace the origins of any submission back to the hacker uploading it.

We know that ethical hacking is dangerous and have built the Leak Box so good people can continue exposing dangerous leaks, without worrying about retaliation and potential legal issues.

Check out the Leak Box