Hackers to the rescue! UFO VPN user log database leaks online for a second time
Just a week ago, we covered the news that user log files from the VPN service UFO VPN had been exposed. A database of user data appeared online despite the company's claims of having a "strict no-logs policy".
But while security experts took steps to lock down the data and restrict access to it by the middle of this month, earlier this week it transpired that a second, newer UFO VPN database had appeared online, containing even more data. This time, however, hackers came to the rescue with a coordinated "Meow" attack.
The attack -- which has resulted in the permanent destruction of over 1,000 unsecured databases, including the newly leaked UFO VPN data -- is so called because just the word "Meow" is left behind after it has been executed. Users of the VPN service should be thankful that hackers have helped out by deleting data rather than using it for malicious purposes. Included in the databases were plaintext passwords, IP addresses and other valuable information.
In an email to HackRead, Bob Diachenko, head of research at security firm Comparitech, said that it "seems like they have mismanaged to migrate the database on another server/IP and the same configuration issue happened thus exposing not only previously seen data but also newest ones, access logs dated Jul 20 (the day of the reappearing). Meaning that all other VPN databases got exposed".
He also tweeted about the latest twist in the tale:
New Elasticsearch bot attack does not contain any ransom or threats, just 'meow' with a random set of numbers. It is quite fast and search&destroy new clusters pretty effectively pic.twitter.com/F8Ke3CI64i
— Bob Diachenko (@MayhemDayOne) July 20, 2020
The Meow attacks are still going on today, wiping out data from unsecured databases found online.
While many exposed databases have now been destroyed, it is still advisable for UFO VPN users to change passwords if they have not done so already.