Pro tip: That free VPN app cost me my login credentials

Last Tuesday I downloaded a free VPN from an ad on social media. Within 2 hours my email got a password reset request I didn't make. Turns out the app was just data harvesting and not actually routing traffic anywhere safe. I ran a scan with Malwarebytes and it flagged the app as adware immediately. Had to change 12 account passwords and turn on 2FA for everything. Has anyone else gotten burned by sketchy 'free' security tools?

3 comments

3 Comments

claire_gibson1mo ago

The speed of these scams is unreal now. Two hours for a password reset request means they had a whole automated system running the moment anyone installed that app. It's not just some guy in a basement anymore, they've got bots and scripts that work faster than any human could respond. And that delivery notification story about your friend shows how they're using real time data too. They scrape order confirmations from leaks or phishing setups and time their texts perfectly. The only thing that saved me was having 2FA already on my email, otherwise they would have locked me out completely. Makes you feel like you need to treat every free tool like a ticking time bomb and assume it's already compromised until proven safe.

susan_wright341mo ago

Holy cow, two hours? That's terrifyingly fast. I can't believe they sent a password reset request that quick. Makes you wonder how many other people got hit before they even realized what was happening.

milaw141mo ago

@susan_wright34 right? And the scary part is this isnt even new anymore. I feel like every week theres some new story about a scam that went faster than anyone thought possible. Like last month my friend got a fake delivery notification text 10 minutes after ordering pizza. They knew exactly what to say to make her click. These scammers are watching everything.