At least some of the information went offline, although it was visible on the IoT search engine Shodan.io for 18 days.
One of the providers, UFO VPN, claimed that it was unable to block your data quickly due to personnel changes related to the pandemic. It also maintained that the records were only used for performance monitoring and were supposedly anonymized. CompariTech and VPNMentor say the UFO claims are incorrect, however, they point to sample data that mentions explicit names. As it stands, the zero record claim is clearly untrue.
The incident underscores issues with white-label VPN services. It is very easy for some companies to rename services without being held accountable for their claims. If you are concerned about the privacy of your data, it may be better to stick to the major brands.
It is also particularly dangerous for Hong Kong. Government critics use VPNs precisely to avoid China’s surveillance and censorship. A data leak like this not only undermines the privacy of these VPNs, it risks facilitating officials to crack down on dissidents. While it is unclear how much of the information was made public, this could easily leave customers of VPN companies struggling to switch providers and change login details.
