July 2, 2021- 3:05 p.m.
The LimeVPN website was taken down by a hacker, and over 69.400 user records were stolen with the entire contents of the LimeVPN’s website server, including usernames, passwords, and payment details, which are now being sold online to the highest bidder.
Initially, it looked like the breach was a VPN backup database leak, but it’s now clear that the LimeVPN website was attacked and this event was a full-blown website breach.
The hacker revealed that they got their hands on LimeVPN’s data through a security breach and no human factor was involved.
The hacker was asking for a $400 Bitcoin payment for the entire contents of the database.
LimeVPN, like many other VPN providers, is advertising a log-less service, this meaning that it doesn’t track its users or keep personal data on them, but just by noticing the existence of the stolen records and database makes us wonder if these claims are true.
The researchers from Privacy Sharks managed to contact the hacker and were able to reveal the fact that the scraped data includes everything from LimeVPN’s database:
- Records from its WHMCS billing system.
- VPN account details like usernames, email addresses, and passwords.
