A popular free VPN service has accused of leaking over 360 million user data records online.

SuperVPN’s breach includes a staggering amount of people’s sensitive information, including email addresses, original IP address, geolocation records, unique users’ identifiers, references to visited websites, and more.

With the service counting over 100 million downloads worldwide across the Google and Apple app stores, the expert who investigated the incident believes it should “serve as a wake-up call” for users about the need to choose a trustworthy VPN service instead.

SuperVPN risks

“As more people around the world care about data privacy or try to bypass censorship they often use a VPN. This is a prime example of what data could be captured, shared with governments, or exposed in the event of a data breach,” Jeremiah Fowler, the cybersecurity researcher who discovered and reported on the breached database, told TechRadar Pro.

Fowler discovered a publicly exposed database linked with the SuperVPN app containing 133 GB of data, including personal user information such as IP location, servers used and Unique App User ID numbers as well as details about user online activities, device model, operating system and refund requests.

After reaching out to the available email addresses associated with both the iOS and Android VPN app versions, the database was closed without any explanation.

The move is especially concerning as the SuperVPN app was, in fact, trending on Twitter “as recently as last week when Pakistan blocked social media,” Fowler told us.