This morning as I woke up I had an email with the following topic in my Inbox from PureVPN: Urgent notice from PureVPN.
In the email the following text could be read.
Email number 1 – The fake email
I’m sorry to inform you that due to an incident we had to close your account permanently. We are no longer able to run an anonymization service due to legal issues we are facing.
We had to handover all customer’s information to the authorities unfortunately. They might contact you if they need any details about the case they are working on. The following information was handed over: your name, billing address and phone number provided during purchase and any documents we had on file (for example scan of your ID or driver’s license if you have provided these to our billing department).
We are also sorry we are not able to refund you, however if you wish your money back, please open a dispute on PayPal or file a chargeback with your credit card company. This is the only way we can refund you as our bank account is frozen during this investigation. We recommend you to do this as soon as possible as we can’t guarantee all customers will get their money back.
We apologize once more this had to happen.
Email number 2 – Official PureVPN response nr. 1
Luckily they soon noticed that this fake email had been sent out and exactly two hours later I received the following follow up email to my account with the following message.
Hope you are doing well and enjoying PureVPN’s services.
This morning some of our users have received a fake email and we are sending this note as a clarification. We are NOT closing down nor do we have outstanding legal issues of any sort. We have neither been contacted by any authorities nor do we store our user’s personal data to share with anyone.
In terms of service, features, level of support and speed of VPN network we are indeed stronger than ever and our recent growth rate has been phenomenal. Lots of additional features have been planned and we are pretty excited with what we have been working on in the back office.
Status of the VPN service:
Our VPN service is working 100% OK. You may continue using our VPN service which is secure to the highest possible levels of encryption.
This again means that the email you received first was not real, and the VPN services of PureVPN is up and running as normal. If you have any thoughts on this, questions or whatever, feel free to write a comment.
Email number 3 – Official PureVPN response nr. 2
A new email has now been sent with further information on the subject of the email fake email sent earlier, and this is the message of the last email (so far).
We are writing this email to give you ‘Second Major Update’ on PureVPN Fake Email Issue.
Our VPN service is functioning 100% fine and there is no interruption whatsoever. While we are investigating the cause of the email, we reemphasize that, as we do not store any of our users credit card nor PayPal information in our on-site databases, there has been no compromise in our users billing information. Similarly, service troubleshoot logs (connection attempts, users IPs, etc) are safe and intact as we do not store such logs on site. Furthermore, as we vouch for privacy, security and anonymity on the internet, hence we do not store actual VPN service usage logs.
Preliminary reports suggest that we are hit with a zero day exploit, found in WHMcs; 3rd party CRM that we use on our website: http://blog.whmcs.com/?t=79427
We are able to confirm that the breach is limited to a subset of registered users Email IDs and names.
At PureVPN, in recent months, we have experienced phenomenal growth and we are pretty excited with what we have been working on in the back office. Clearly, we are getting more and more popular crossing new heights too fast for some to worry and such attacks are not unexpected with popular services these days. Such incidents add to our resolve to continuously improve our service for our users.