UFO VPN

UFO VPN operates as a virtual private network service provider with its headquarters located in Hong Kong. The company markets its product as a tool for encrypting internet traffic and masking users’ IP addresses to enhance online privacy and security. It claims to adhere to a strict no‑log policy, asserting that it does not retain records of user activity or connection details. The service is intended for individuals seeking to protect their data while browsing, streaming, or accessing geo‑restricted content. UFO VPN’s core offering consists of client applications that establish secure tunnels to its servers located in various jurisdictions. The provider positions itself within the competitive consumer VPN market, emphasizing privacy protections as a key differentiator. No explicit information about the size of its user base, annual revenue, or market share is available in the source material.

In July 2020, UFO VPN experienced a significant security incident when a database containing sensitive user information was exposed and subsequently destroyed in a “Meow” attack. The exposed data included plaintext passwords, user and VPN IP addresses with geolocation details, session tokens, and device information, contradicting the company’s stated no‑log policy. The breach also had collateral effects, impacting thousands of other unsecured MongoDB and Elasticsearch databases that were similarly misconfigured. Investigations indicated that the exposure resulted from mismanagement during a database migration, where configuration failures allowed unauthorized access prior to the destructive attack. The incident highlighted gaps in the provider’s data handling practices and raised questions about the validity of its privacy claims. No further details regarding ownership structure, parent or subsidiary relationships, or subsequent remedial actions are provided in the available sources.