PureVPN Gets Hacked
To anyone with any amount of experience with Internet scams, the fake emails that were supposed to have originated from PureVPN immediately looked suspicious. The company, however, did get hacked and a fake email was sent out to customers of PureVPN.
Those emails contain words that most people on a VPN service never want to hear. The emails claim that the service was being shut down and that “the authorities” had received customer information. The email also warns that the customers might be contacted by “the authorities” in relation to cases that those authorities were working on.
The email goes on to say that your ID or driver’s license, any documents that PureVPN had on file and your billing address and phone number would all be handed over to the authorities.
The fake email from PureVPN is actually a good lesson in how to spot something that is obviously a fraud. The language is less than eloquent and, of course, very few serious businesses would put out an email with a reference as vague as “the authorities” in it.
Nonetheless, it was quite a scare for users. According to information from the company, the hack was the result of a zero day exploit for WHMcs customer relations management software that the company uses. The exploit utilizes the very heavily used SQL injection method of gaining access to the server. This allowed the hacker to send out the emails over the servers.
PureVPN was quick to respond to the incident over Twitter, sending out a tweet to notify users that the email is a fake, the company is not shutting down and there aren’t any legal issues that customers have to worry about in relation to their PureVPN service. The fake emails were also only sent out to a subset of the email addresses for PureVPN customers, as well, so not all customers got the scare.
PureVPN doesn’t store VPN service logs. The service also denies any involvement with the NSA or any other government agency in the fake email scare.
PureVPN is a good VPN service that offers excellent encryption and reliability. While they may, like many good companies, have fallen victim to an attacker that got access to some of their email addresses, this doesn’t mean that their service was compromised. According to the company, their service is up and running, is 100% in operation and it is completely safe to use.
Making it Right
After the dust had settled, PureVPN sent out an email to customers offering five weeks of free service to annual subscribers, three weeks of free service to semiannual subscribers and two weeks of service to monthly subscribers. If you happened have an invalid account with PureVPN, they will shave five dollars off of their rates to make up for the incident.
The company also said, rather than being a complete disaster, this actually ended up making their service stronger. Between offering a discount and a speedy response to the incident, PureVPN does show excellent customer service in this regard — Check out our Detailed Review of PureVPN.