One of the many reasons people choose to use VPNs is that they are designed to encrypt your data and protect your privacy. That’s pretty much its main selling point, where you can use it when you’re on public Wi-Fi or if you just prefer your ISP not to know what you’re doing.
However, it seems that in Hong Kong, Bob Diachenko of Comparitech discovered that there were several VPNs that recorded user data, although they announced that they did not engage in such practices. This included almost 1TB of records in an Elasticsearch cluster by UFO VPN.
The logs contained data such as account passwords, tokens, IP addresses of users’ devices, and the VPN servers those users connected to, all of which appeared to be stored in the clear format, which essentially allowed anyone to consult them. When UFO VPN was alerted to the problem, they blamed the coronavirus pandemic for the problem, stating that due to “staff changes” it was preventing its staff from securing the database network.
UFO VPN is not alone in this case, as several other Hong Kong-based VPN services have been found doing the same. As for UFO VPN, they claimed that these logs are kept for traffic performance monitoring, although this seems to go against the company’s claims that it does not track user activities.