The Quickfox VPN is mainly used by Chinese citizens living abroad who need to access Chinese websites as most of these sites are geo-restricted.
Wizcase’s team of ethical researchers, led by Ata Hakcil, discovered a “critical leak” that the researchers found to be exposing personally identifiable information of at least one million users of a Chinese VPN service.
The team revealed that the VPN leaking data is Quickfox, produced by Fuzhou Zixun Network Technology Co., Ltd.
The VPN is mainly used by Chinese citizens living abroad who need to access Chinese websites as most of these sites are geo-restricted. The VPN connects to servers in China and lets users avoid those restrictions.
Reportedly, the leak was caused by a misconfiguration in the VPN. The product had insufficient ELK (Elasticsearch, Logstash, and Kibana) stack security, which refers to the three open-source programs responsible for streamlining searchers via large files, in this case, the logs of Quickfox.
Researchers identified that Quickfox had set up access restrictions from Kibana but hadn’t set up security measures for the Elasticsearch server. Hence, anyone with an internet