Over 2 million VPN passwords have been stolen – here’s what you can do about it

Proton VPN, ExpressVPN, and NordVPN are the biggest targets

You probably know by now that using one of the best VPN apps makes your online life more private and secure. But what if your VPN logins get compromised?

New research from password management and authentication solution provider Specops Software found that over two million VPN passwords have been stolen by malware during the past year. Worse still, three of TechRadar’s most secure VPN providers were among the most affected services.

While these worrying findings aren’t related to the security offered by the VPN services, I reached out to the affected providers to understand what’s at stake and how to better secure your VPN account.

The danger of compromised VPN passwords

A VPN (virtual private network) is security software that encrypts your internet connections so that third parties cannot access your data in transit. At the same time, it also spoofs your real IP address location to keep you more private online.

Consumers and organizations are increasingly using VPNs to boost their privacy when browsing the web. For organizations, it’s more important than ever for employees to connect to a reliable business VPN as remote work gets more widespread.

Yet, “if VPN passwords are becoming compromised, these great cybersecurity benefits can be undone and actually offer a route into your organization for attackers,” said Darren James, Senior Product Manager at Specops Software.

The research team analyzed compromised VPN credentials between August 20, 2023, and August 20, 2024, and found that 2,151,523 users' passwords had been stolen by malware during the period.

Among these, over a million (1,306,229 to be more precise) came from users of one of the best free VPN services on the market, Proton VPN. ExpressVPN and NordVPN follow suit as the most stolen credentials, with 94,772 and 89,289 respectively.

The most common password to be compromised was 123456, which was found to be leaked 5,290 times. Despite this, the findings suggest that users had mostly used unique or strong passwords. “But this hasn’t stopped them from becoming compromised,” noted researchers.

Users may have been tricked into giving away their secret login details on fake websites impersonating the VPN provider. Cybercriminals are used to taking advantage of reliable brands to carry out phishing attacks. Keylogger malware could also be used to capture keystrokes, including VPN passwords.

A NordVPN spokesperson also suggests that cybercriminals may have used so-called credential stuffing attacks to compromise VPN passwords. This type of attack takes advantage of people’s tendency to reuse the same password across different accounts, by trying to match previously leaked credentials with other services.

“Credential stuffing is a problem not only for us but for almost every other digital service and website,” explained NordVPN.

Similarly, Lauren Hendry Parsons from ExpressVPN highlights how the leak didn’t occur through the compromise of any VPN provider, but in a range of ways such as brute force attacks and sophisticated phishing.

“Given that ExpressVPN is a leading VPN provider with 4 million active users around the world, it stands to reason that a substantial number of ExpressVPN credentials are included in this report,” she told me. “Importantly, we cannot know how many of the identified credentials are active versus expired.”

How to secure your VPN passwords

The biggest takeaway here is that just using security software like a reliable VPN app isn’t enough to keep you safe online. You must be careful of the links you click and practice good cyber hygiene at all times, too.

On this point, Parsons from ExpressVPN said: “This research is a tangible reminder of the dangers of phishing and malware, and we encourage everyone to practice good password hygiene.”

She suggests using strong and unique passwords at all times. I recommend trying out a password manager tool to help you with this. If you’re already a NordVPN, ExpressVPN, or Proton VPN user, good news! All these providers include such a tool with their VPN service.

As a rule of thumb, NordVPN suggests creating long and complex passwords that include a mix of letters, numbers, and special characters to make them harder to guess.

Stronger and safer passwords are not rocket science. You only need a password manager. 😉 pic.twitter.com/ZclvnonwIf (August 12, 2024)

Another important step to keep your VPN account safe is to enable two-factor authentication (2FA) or multi-factor authentication (MFA). This practice boosts your account security by requiring additional verification beyond just a password.

Using reputable antivirus software is also an important step as it helps you to keep your device malware-free. While not a full antivirus, NordVPN Threat Protection Pro can considerably mitigate these types of threats.

You should also keep monitoring your accounts for suspicious activity, while staying informed about data breaches as they occur. To do this, you might want to consider using data breach alert services.

Parsons from ExpressVPN also said: “Beyond that, we’d recommend everyone educate themselves on the phishing practices and protect themselves by never clicking on suspicious links, or downloading attachments from unknown sources.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com
