By now, you probably know that using one of the best VPN apps can make your online life more private and secure. But what if your VPN logins get compromised?
New research from password management and authentication solutions provider Specops Software found that over two million VPN passwords were stolen by malware in the past year. Worse still, three of TechRadar’s most secure VPN providers were among the most affected services.
While these disturbing findings have nothing to do with the security offered by the VPN services, I reached out to the providers involved to find out what’s at stake and how you can better secure your VPN account.
The Danger of Compromised VPN Passwords
A VPN (virtual private network) is a security software that encrypts your internet connections to ensure that third parties cannot access your data during transmission. At the same time, it also spoofs your real IP address location to keep you more private online.
Consumers and organizations are increasingly using VPNs to enhance their privacy while surfing the web. For organizations, it is more important than ever for employees to connect to a reliable corporate VPN as remote work becomes more common.
“However, if VPN passwords are compromised, these great cybersecurity benefits can be negated and attackers can become a gateway into your organization,” said Darren James, Senior Product Manager at Specops Software.
The research team analyzed compromised VPN credentials between August 20, 2023 and August 20, 2024 and found that 2,151,523 users’ passwords had been stolen by malware during that period.
Of these, over a million (1,306,229 to be exact) came from users of one of the best free VPN services on the market, Proton VPN. ExpressVPN and NordVPN follow as the most stolen credentials with 94,772 and 89,289 respectively.
Did you know?
The most common password compromised was 123456, which was found to have been leaked 5,290 times. Despite this, the findings suggest that users were primarily using unique or strong passwords. “However, this did not prevent them from being compromised,” the researchers noted.
Users may have been tricked into providing their secret login credentials on fake websites that pretend to be the VPN provider. Cybercriminals are abusing trusted brands to launch phishing attacks. Keylogger malware can also be used to record keystrokes, including VPN passwords.
A NordVPN spokesperson also suggests that cybercriminals may have used so-called credential stuffing attacks to compromise VPN passwords. This type of attack exploits people’s tendency to reuse the same password across different accounts, by attempting to match previously leaked credentials with other services.
“Credential stuffing is not just a problem for us, but for almost all other digital services and websites,” NordVPN explains.
Lauren Hendry Parsons of ExpressVPN emphasizes that the breach did not occur through an attack by a VPN provider, but through a variety of means, including brute force attacks and advanced phishing.
“Given that ExpressVPN is a leading VPN provider with 4 million active users worldwide, it makes sense that a substantial number of ExpressVPN credentials would be included in this report,” she told me. “Importantly, we have no way of knowing how many of the credentials identified are active versus expired.”
How to Secure Your VPN Passwords
The biggest lesson here is that just using security software like a reliable VPN app isn’t enough to keep you safe online. You need to be careful about the links you click on and practice good cyber hygiene at all times.
ExpressVPN’s Parsons said: “This research is a stark reminder of the dangers of phishing and malware, and we encourage everyone to practice good password hygiene.”
She suggests use strong and unique passwords always. I recommend trying out a password manager tool to help you with this. If you’re already a NordVPN, ExpressVPN, or Proton VPN user, good news! All of these providers offer such a tool with their VPN service.
As a rule of thumb, NordVPN recommends creating long and complex passwords that use a combination of letters, numbers, and special characters to make them harder to guess.
Stronger and more secure passwords aren’t rocket science. You just need a password manager. 😉 pic.twitter.com/ZclvnonwIfAugust 12, 2024
Another important step to keep your VPN account secure is: Enable two-factor authentication (2FA) or multi-factor authentication (MFA)This approach increases the security of your account by requiring additional verification beyond just a password.
Use a reliable antivirus software is also an important step because it helps you keep your device malware-free. Although it is not a full-fledged antivirus, NordVPN Threat Protection Pro can significantly reduce these types of threats.
You must also monitor your accounts for suspicious activities, while stay informed about data leaks as they occurred. To do this, you may want to consider using data breach alert services.
ExpressVPN’s Parsons also said, “We also recommend everyone inform yourself about phishing practices and protect themselves by never clicking on suspicious links or downloading attachments from unknown sources.”
