One of the world’s most popular free VPN services is leaking sensitive data on its users, a security researcher has claimed.
A flaw in Hotspot Shield, which boasts more than 500 million users, leaks information such as what country a user is located in and the name of their Wi-Fi network.
This information could then be used to pinpoint a user’s location by cross referencing the Wi-Fi network name and other publicly available information.
The flaw was discovered by Paulos Yibelo who said Hotspot Shield is “riddled with bugs that allow sensitive information disclosure and easy compromise”.
“By disclosing information such as Wi-Fi name, an attacker can easily narrow down or pinpoint where the victim is located,” Paulos told ZDNet.
“You can narrow down a list of places where your victim is located,” he added.
AnchorFree, the company which operates Hotspot Shield has reportedly acknowledged the flaw and is readying an update to protect users.
The advice to security conscious users is to stop using Hotspot Shield until a patch is released.
This isn’t the first time Hotspot Shield has been in the news for the wrong reasons.
Last November, the free vpn service was accused of selling data on its users to advertisers.
Pro privacy organisation, The Center for Democracy & Technology accused Hotspot Shield of “unfair and deceptive trade practices”.
The CDT claimed that Hotspot Shield logged user IP addresses, recorded location data and sold it to advertisers.
Hotspot Shield has denied the accusations, with a spokesperson saying the claims made by the CDT were “unfounded”.