Free VPN services (SuperVPN and GeckoVPN) - multiple services breached together.
In February 2021, the free VPN apps SuperVPN and GeckoVPN were breached, exposing over 20 million user records. The threat actor said the data came from publicly accessible databases left vulnerable by default credentials. Exposed data included email addresses, country of login, login timestamps, device make/model, device serial numbers, and IMSI numbers. Reporting noted the broader for-sale set also included hashed passwords and names.
ObscureIQ assessment: For a VPN service, exposure of device and connection metadata is particularly damaging because it links a real identity/device to activity the user intended to keep private; hashed passwords and names in the for-sale set are carried as latent worst-case.
Device identifiers (serial, IMSI) plus login history and country are especially sensitive for a privacy product, enabling device tracking and undermining the anonymity VPN users expect.
SuperVPN and GeckoVPN are free Android VPN applications marketed to provide private, secure internet access to large mobile user bases.
VPN providers collect account data, billing records, subscription histories, device-linked access metadata, and support interactions tied to privacy and security services.
The exposed data was offered for sale on hacker forums and later leaked for free on Telegram in 2022. Reporting attributed the exposure to default database credentials left in place.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
If you believe your information may be included:
In February 2021, the free VPN apps SuperVPN and GeckoVPN were breached, exposing over 20 million user records. The threat actor said the data came from publicly accessible databases left vulnerable by default credentials. Exposed data included email addresses, country of login, login timestamps,…
Verified fields include Device Information, Device Serial Number, Email Address, Geographic Location, Imsi, Login History.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation