Unknown attackers have compromised vpn provider PureVPN and a false mailing sent to the customer, stating that the service doors would close. It is still unclear whether and what customer information is captured.
In the mail that the attackers are in a part of the PureVPN customers uitstuurden, it was stated that PureVPN ‘all of its customer data had to contribute to the authorities’ and then close its doors. A few hours later, the mail followed up with a notice of PureVPN is that the e-mail is not legitimate. The service has no legal problems and will remain open, emphasized PureVPN.
It is striking that both emails including the fake e-mail, sent through the same mail server, which indicates that the attackers had access to the mail system. The attackers may have had access to e-mail addresses and names. Or the attackers also other information obtained, is unclear, but PureVPN takes that it on its servers, no payment information store, and no logs of vpn traffic tracking, so the risk is limited. With the vpn service itself are also no problems, the company said.
Possible PurePVN the victim of a sql injection in WHMCS, a software package that is used for the management of customers. Last week it was a bug in that software package patched, after the discoverer of the leak it into the open.
The fake email that was sent to customers.