Detailed credentials for more than 21 million VPN users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN providers themselves. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPNs that offer their services for free – SuperVPN, GeckoVPN, and ChatVPN. While shocking, the unfortunate truth about the recent VPN data leak is that this type of data mishap is nothing new. In 2019, the popular VPN provider NordVPN confirmed it suffered a breach the year before. And last July, seven VPN providers were found to have left 1.2 terabytes of private user data exposed online. Given all this activity, which VPN provider can you trust? An important thing to keep in mind is that a VPN is merely serving as a substitute for who sees your data. When you use a VPN, it isn’t your ISP or even a government viewing your activity – it’s the VPN itself. A few guidelines for choosing a VPN provider include reading trusted, third-party reviews; ensuring that it has a customer support contact; and exercising caution when the service is free, which is particularly relevant given the latest breaches. Read more at Malwarebytes.