this post was submitted on 06 Jan 2026
105 points (99.1% liked)
Technology
78750 readers
4338 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why would *VPN even have ANY data worth taking through breaching?
They operate a business that charges for a service, and therefore have user accounts and payment data for those accounts.
There is at least one VPN provider (that I know of) that doesn't record account and payment data. You can send the fee via regular post in a envelope tied to only a random numerical user ID
Mulvad. That's how I do it.
Same reason as any other online company?
So for selling it to aggregators? That's bad practice for a VPN-providing company.
You really think thats the primary function for user data? Not like, billing?
Billing? ID -> balance. "Very" important data for hackers. They had more? Like card numbers, names, addresses, etc? That's a bad practice for VPN providers.
You are surprised that a for-profit company that bills people on a RECURRING basis for a paid service keeps card numbers and billing addresses/names? How would recurring bills be paid if the info isn't stored?
I'm not surprised. I am accustomed to the shit around.
Just go to the bank (or open your bank application on the phone) and pay.
This is not how most people operate around subscription services. People expect that the online subscription service will manage that shit. Less secure I know, but you live either in the past or in a much higher risk environment than most.
How do they send you your invoice? Password resets?
Mulvad gives you a 16 digit random number when you sign up. Anyone with that number can use that account, it's on you to not lose it, if you do you have to make a new account. You send them money and an account number and they add balance to that account. When it's out, that account is blocked from service until they get more money. You hack their service and you get a list of numbers and whether or not they have service. They keep no documentation and if you pay with card you have to manually input every time. I know them better than they know their users.
The customer can notify ID during payment.
I'm not sure what you mean by that...
It wasn't, it was test data
You don't have any "test data" if you don't have any "real data". Why would you?
Uh.. this entire event is a strong reason for using dummy data in a testing environment. You shouldn't ever use production data in a test environment.
You generate dummy data that looks like real data for testing purposes.
You didn't understand what I am saying.
I do understand, you just don't seem to understand that this testing environment never contained real data. And you can absolutely generate dummy data without having real data to start with.
No, you don't.
Ok, then explain it to me.
I say that they shouldn't have any sensitive information at all. And their claim that it was testing data that leaked shows that they do have that sensitive information. It just hasn't leaked yet. At least if we believe in what the company says.
I just wanna say that I get what you're saying and this thread was hilarious to me for some reason.
Because your previous trust is clearly misplaced.
I don't care what somebody's TOS says, I'm going to remain skeptical.