When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

VPN servers and private routers are part of over 4 million internet hosts vulnerable to hijack from cybercriminals.

What happened?

Graphic of fibre optic cables attacking code

The vulnerabilities were discovered byTop10VPNalongside security researcher Mathy Vanhoef.

The bang out of vulnerability concerns tunneling packets.

In this case, the internet hosts accept tunneling packets without verifying the sender’s identity.

Transparent hand typing on keyboard

Hackers can send data to attack and gain access to victim’s devices or networks.

Vulnerable hosts can be abused as one-way proxies, which enables the possibility of anonymous attacks.

The total number of vulnerable hosts was 4,262,893 and 1,858,892 of those were spoofing-capable.

Image of VPN connected to motherboard

These attacks are easily traceable to the compromised host, however, which can then be secured."

IPIP and IP6IP6 are commonly used in Linux-based routing and can also be used by the OpenVPN protocol.

Of the 1,365, at least 130 servers appeared to be connected to consumer VPN services.

Wi-fi router with wi-fi symbol coming out of the top

As mentioned, none of the leading VPN providers were listed.

17 vulnerable servers associated with Singapore-based AoxVPN were identified.

Several of its associated domains were identified, including its website host aoxvpn.com.

ExpressVPN | 2 years + 4 months FREE | $4.99 per month$4.99 per month

Domains related to Indonesian-based AirFalcon VPN, and Hong Kong-based AmanVPN were found to accept unauthenticated tunneling traffic.

The GRE protocol was identified as affecting approximately 123 VPN domains connected to businesses or organizations.

These 171 servers were present in 33 countries.

Red computer security warning

Is my home router at risk?

Routers with the host name*.fbxo.proxad.netaccepted unauthenticated plaintext 6in4 tunneling packets from any source.

Top10vpn.com reported that Free has secured its affected routers after being made aware of the vulnerability.

Surfshark graphic of 2024 data breaches

However it is still worth clarifying this if you are a Free customer.

it’s possible for you to also consider using a more secure protocol, such as WireGuard.

If you have control over your web connection then you’re free to implement traffic filtering.

Floating eyeballs watching a red laptop

On a consumer level, see to it you are using a trusted and secure VPN provider.

A reliable VPN will encrypt traffic and protect your devices from third-parties and hackers.

It will be regularly updated to ensure you are receiving the best protection possible at all times.

Broken speech bubble on red background

All the devices in your home can therefore benefit from VPN protection, giving you peace of mind.

We test and review VPN services in the context of legal recreational uses.

For example: 1.

VPN on phone in front of US flag

Accessing a service from another country (subject to the terms and conditions of that service).

Protecting your online security and strengthening your online privacy when abroad.

We do not support or condone the illegal or malicious use of VPN services.

secure VPN

Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Cartoon image depicting Surfshark�s Bypasser feature for iOS

IPVanish

Graphic of padlock with multi-coloured data background

Collection of VPN apps on iPhone screen

NYTimes Connections

Sebastian De Souza as Garrett and Sofia Carson as Alex in "The Life List" on Netflix

NYT Strands on a cellphone

A bald eagle in The Americas

Diego Luna in Andor season 2 trailer

Anthony Mackie in Captain America: Brave New World

Best headphones