Our videos have over 5 million views on Youtube! Visit our channel now »
The listings featured on this site are from companies from which this site receives compensation. Read the Advertising Disclosure for more information
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.


vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Affiliate Commissions Advertising

vpnMentor contains reviews that were written by our experts and follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will be based on an independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, which will however not affect the review but might affect the rankings. The latter are determined on the basis of customer satisfaction of previous sales and compensation received.

Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

Report: Freedom Mobile Data Breach Exposes Canadian Customers' Full Credit Details

vpnMentor's research team recently discovered that Freedom Mobile experienced a huge data breach.

Led by hacktivists Noam Rotem and Ran Locar, vpnMentor's researchers discovered a breach which exposes up to 1.5 million active Freedom Mobile users' personal data. Freedom Mobile (formerly Wind Mobile) is Canada's fourth-largest wireless communications provider.

Our team discovered 5 million unencrypted records, but for ethical reasons, did not download the database so cannot provide exact numbers. The company has since claimed that "only" 15,000 records were exposed.

The database was totally unprotected and unencrypted. The data includes credit card and CVV numbers.

Timeline of Breach Discovery and Reaction

  • April 17: We discover leak in Freedom Mobile's database.
  • April 18: We email Freedom Mobile to inform company of serious data breach. Receives no response.
  • April 23: We try to contact Freedom Mobile again.
  • April 24: Freedom Mobile finally responds to messages.
  • April 24: Freedom Mobile closes data breach.

Examples of Entries in the Database

Similar to Gearbest's unprotected Elasticsearch database, Freedom Mobile's database was completely unencrypted. We had full access to more than 5 million records, reflecting up to 1.5 million users.

These records seem to reflect any action taken within a user account, allowing for multiple entries per customer.

The personal data exposed includes:

  • email address
  • home and mobile phone number
  • home addresses
  • date of birth
  • customer type
  • IP address connected to payment method
  • unencrypted credit card and CVV numbers
  • credit score responses from Equifax and other corporations, with reasons for acceptance/rejection

We could also access account numbers, subscription dates, billing cycle dates, and customer service records including locations.

Some entries also included data from an Equifax database. This included information on credit scores, credit class, and credit card accounts.

Data Breach Impact

Ironically, Freedom Mobile prides itself on offering high levels of privacy. It's even in their Twitter bio:

However, they clearly shared - and overshared - their customers' data.

After discovering the data breach, we quickly alerted Freedom Mobile to the issue. When they didn't immediately respond, we asked contacts at another security site help us reach them in case our emails went to spam. As they eventually replied, we know that this isn't the case.

For ethical reasons, we didn't download the database, so we don't know exactly how many people were affected.

However, we could access at least 5 million unprotected records. Freedom Mobile has at least 1.5 million subscribers, and its parent company is owned by Shaw Communications which has more than 3.2 million customers across Canada. This may the largest breach experienced by a Canadian company.

It's rare to find a leak which details both credit card information and CVV numbers together, especially in such a large breach.

As this data leak includes unencrypted credit card information, Freedom Mobile is potentially in breach of PCI (Payment Card Industry) compliance rules. This could result in serious real-world impacts for the company as well as its users.

Dangers of Hacks

A database full of credit card data, birth dates, full names, addresses, and phone numbers also allows for credit card fraud and identity theft. This could cost users - and their banks and insurance companies - hundreds of thousands of dollars.

An unencrypted database of personalized information is a valuable resource for hackers. Access to addresses, email addresses, phone numbers, and credit data can help malicious actors execute sophisticated phishing schemes.

Credit information also allows for highly targeted ransomware attacks, as bad actors know where they can demand high prices.

Even the most careful user can't defend itself against a company that saves their data on an unsecured database. The best way we found is to use a temporary card, account, or CVV number connected to your account. See our complete guide for more information.

About Us and Previous Reports:

vpnMentor is the world’s largest VPN review website. Our research lab is a pro bono service that strives to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data.

We recently discovered a huge data breach impacting 80 million US households. We also revealed that Gearbest experienced a massive data breach. You may also want to read our VPN Leak Report and Data Privacy Stats Report.

Please share this report on Facebook or tweet it.

About the Author

vpnMentor Research Lab is a pro bono service that strives to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data. Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.