Free Chinese VPNs Expose Data of Millions of Users

New research has revealed that some free VPNs have been storing user data on unsecured servers in plain text.

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn More

New research has uncovered some disturbing findings for free VPN users, with several prominent Chinese-run free VPNs found to be keeping logs of user data. Up to 20 million users may have unknowingly had their data stored this way.

Despite marketing themselves as not collecting users data, the companies were discovered to be harvesting data, plus storing it in an unsecured backend server.

The news comes as a reminder that while some VPNs may be free, you could pay a price by trusting them with your data.

Looking for a safe VPN? Check out our guide to the top 10 most secure VPNs of 2020

Research by vpnMentor

The research, carried out by vpnMentor this month, was part of an ethical hacking project to test VPN systems for weaknesses. The group were actively looking for vulnerabilities, so they could be reported to the companies responsible to be fixed. It's a common practice in the software industry, with most companies offering rewards for information. The idea is that these exploits can be patched before a genuine hacker takes advantage of them.

The results of the discovery are shocking for two reasons. Firstly, sensitive user data was left on unencrypted servers, meaning that it was easily accessible. But more alarmingly, the data should never have been there in the first place, as the VPNs investigated all claim to be “zero log” solutions. In theory, this means that they don't collect data on users.

The information available, in plain text, included:

  • usernames
  • passwords
  • email addresses
  • home addresses
  • device information
  • Bitcoin accounts

According to the group, this data included the personal details of up to 20 million users. The files came to a whopping 1.2TB of data, and included 1,083,997,361 files.

As for the impact of this data falling into the wrong hands, the database represented a goldmine for scammers, opening up the users to fraud, blackmail, impersonation, doxing, hacking and more. And that's before considering the implications of states being able to learn details of VPN users. In China itself, for example, it's illegal to use a VPN.

The VPNs collecting data

The VPN apps found to be using these unencrypted servers are all Hong Kong-based, Chinese software packages. According to vpnMentor, the belief is that they are white label software that can be repackaged by a third party and sold under a different name.

The apps found to be using the unencrypted servers are:

  • Fast VPN
  • Super VPN
  • Free VPN

Needless to say, if you are currently using one of these apps, we recommend uninstalling it immediately, and changing any passwords that you may have used with the software. All these VPNs are still available on the Google Play Store, and between them have millions of users.

As part of their research, vpnMentor reached out to the parent companies of these apps and informed them of its findings, before going public with its report. The responses were, on the whole, dismissive, and denied any issue. One company, UFO VPN stated:

We do not collect and restore users’ home addresses. ‘Clear text passwords’ are not the password for logging in their accounts. It must be the tokens to connect VPN servers, and we collect it within feedback from users to check if the wrong token is applied. We name it “password” in feedback and store it in cleartext. – UFO VPN Spokesperson

However, the evidence collected by vpnMentor strongly disputes this response from the company. It was able to do this by signing up for the VPN service itself, and then searching the unsecured server again, where it found the newly made account, complete with unprotected username and password stored in plain text.

Can You Trust a Free VPN?

A free VPN can be tempting, but as this report shows, they're not without their risks. Not only might you be leaving your personal data exposed, but you'll also be getting a pretty poor service.

Free VPNs tend to be slower, host advertising, and generally not offer much in the way of features. So, they really don't have much going for them.

If you are tempted by a free VPN, we'd strongly recommended opting for one that's based out of Hong Kong, like the ones named in the report. Due to a recent change in law, those found guilty of secession or subversion can be imprisoned for life – making operating and using a VPN there much higher risk. In fact, many VPNs, such as US-owned IPVanish and Private Internet Access, have actually pulled their Hong Kong servers as a direct result of these changes.

Secure VPNs from under $3 per month

The best way to ensure that your online activities remain secure and unexposed is with a paid for VPN service. The cost isn't prohibitive, starting at a few dollars a month, and they offer a wealth of features, servers, and fast download speeds. Some even offer military grade security.

In our table below, you can see our recommendations for the best secure VPNs you can choose, with prices beginning from under $3 per month:

0 out of 0
Price From
Lowest price for single month subscription to cheapest paid tier. Other plans are available.
No. of Devices
No. of Servers
Zero Data Logging
Kill Switch
Stealth Servers
Malware & Ad Blocker
RAM-only servers
Double VPN
Click to find the latest offers, deals and discounts from the VPN provider

Up to 67% off!


$4.99 per month





$1.00/month (5-year plan)


Fast, effective, low-cost and simple – the best VPN we've tested, with risk-free money-back guarantee

Industry-beating good value, with a single low price to cover all your devices, plus great speeds and top security features

Outstanding value, with an advanced VPN app

A decent option for expert users

Powerful features and security, but a bit technical. Some massive savings currently available.

Superb features, but at a higher cost

A safe, simple, outstanding VPN

Good VPN privacy at good speeds

Excellent privacy features for the security-minded

A beautifully simple VPN, with great security provisions











5,000+ (60+ countries)

3,200+ (65+ countries)

30,000+ (84+ countries)

1,800+ (64+ countries)

2,200+ (55+ countries)

3,000+ (94+ countries)

7,600 (78+ countries)

3,000+ (50+ countries)

6,500 (100+ countries)

1,800+ (40+ countries)

See Deals See Deals See Deals See Deals See Deals See Deals See Deals See Deals See Deals See Deals
About our links

If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored' table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Jack is the Deputy Editor for He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals