LimeVPN

LimeVPN operates as a virtual private network provider, offering VPN services that encrypt users' internet traffic and mask their IP addresses. The company is headquartered in the United States of America. Its core product is a VPN service aimed at individuals seeking privacy and security online, though the prompt does not specify any business‑focused offerings.

The breach disclosed in June 2021 affected approximately 69,000 user records, giving a concrete indication of the scale of its user base at that time. The stolen data included plaintext passwords, IP addresses, billing details, and private keys that could be used to decrypt traffic. The attacker also claimed responsibility for taking down the company’s website, which displayed malware infection warnings to visitors. Notably, direct payment‑card information was not part of the leak because the organization relied on third‑party processors for billing.

The incident highlighted distinguishing attributes of LimeVPN’s security posture, such as the storage of credentials in plaintext and the retention of private keys enabling traffic decryption, which are atypical for a security‑focused service. After the breach, the company acknowledged unauthorized access to its backup server, initiated credential resets for affected accounts, and launched a system audit to assess the extent of the compromise. Researchers independently verified the breach by examining leaked samples and communicating with the attacker, confirming the validity of the disclosed information.