For Hola VPN, One Price of Free is Shoddy In-House Security
As we have explained in the past, free VPNs are, without exception, too good to be true. Google Chrome users who utilize the free VPN extension Hola and manage their cryptocurrencies with MyEtherWallet were told in a tweet on Monday to move their tokens to new accounts lest they lose their funds—that is, if their funds still existed.
The tweet explained that Hola, the VPN service which claims to serve 159 million users with “secure browsing” for free, became compromised for five hours in a cryptocurrency heist specifically targeting MEW users.
We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.
— MyEtherWallet.com (@myetherwallet) July 10, 2018
According to sources who spoke with TechCrunch, the attack appeared to originate from a Russian IP address.
Hola went on to perform a bit of victim blaming with the declaration, “We will work with MEW and others in the ecosystem on standards that will make Crypto wallets safer from these forms of attacks.” A not-so-subtle suggestion that the online wallets were responsible for Hola’s inability to safeguard their own Chrome Store account.
Such rhetoric feels on par with a company who injects ads into browsers and sells its userbase’s bandwidth to enable its own botnet.
MEW also makes it abundantly clear they absolve themselves of accountability to their users, reminding people they are not a bank, and when a user visits the site, a pop-up warns, “You and only you are responsible for your security.”
Netizens should take this experience to heart; users who arm themselves against phishers and scammers—as well as invest in a reputable VPN service who likewise invests in user privacy and security—are much better equipped to avoid becoming a future casualty of cyber marauders.