LiquidVPN Reaction to BoA Hack

It might only be Wednesday but it’s already been a hell of a week for the LiquidVPN team.  You can tell the level of frustration from an email sent to users a few hours ago.  By Tuesday they had experienced a corrupted authentication server, a data center had been DDOSed, a user was attacking Bank of America and they had received over 50 abuse reports.  As a result LiquidVPN was going to enable logging on some US servers.

LiquidVPN Update

Here’s a copy of the original announcement we received from LiquidVPN on February 12th:

Some Personal Unlimited VPN Service Subscribers may not be able to sign in until we manually recreate your account.

If you are subscribed to the personal unlimited VPN service you may get an authorization error when trying to login to LiquidVPN. It is because the main database used for authorization has failed and the failover database corrupted some subscribers to the old single session plan. If you have been affected by this you must open a ticket so support can re-create your account.

Logging will be enabled on USA South

Due to the actions of 1 individual who decided to attack Bank of America earlier this week a great data center who for the past 6 months had been so understanding when it came to DMCA notices has changed their policies and sent about 20 unique notices for the past 4 days for files like these.
HappyTugs – Lana Violet (Rubbed right)
HappyTugs – Nipsey – Doll Rubbing
Prinzzess (Damsel) Cocaine.mp4

To make a long story short they are threatening to take all 8 servers offline or at the very least changing the routing on them so that IP Modulation and Dynamic IPs will not be viable. This is a large portion of our USA Network so we are going to be enabling logging on this network for the time being. I strongly suggest anyone that is using the USA south network for any illegal activities to stop and find another provider. When logging is disabled a new email will go out.

8 Possible Servers Coming Offline

Our USA South network may get cut off suddenly if the data center decides we did not do enough to address the problem. If it happens I will make an announcement

Here’s an updated we received from LiquidVPN on February 13th:

We WILL NEVER enable blanket logging.

We were unable to salvage the USA south network because more abuse reports were generated. We are working very hard to replace the servers. It may be a few days before we are back to full capacity.

If you are experiencing any problems logging into our service it is because of a completely unrelated DDOS that happened and corrupted some of the replication between our authorization servers. Please open a ticket and we will fix it ASAP.

If you would like to read details about the Bank of america attack please check out this reddit thread

Also I would personally like to thank everyone that wrote in, emailed, chatted and even called today for your support. Having such great users is what keeps me passionate about LiquidVPN. It really means a lot.

The founder of LiquidVPN has been very open in sharing the details of the situation on Reddit.  After reading his response I believe he was doing what he felt was right for both his users and the company.  Instead of enabling logging in secret he informed users first and was going to wait a day to make sure the message had time to spread.  In the meantime the data center got cold feet and pulled out.  Leaving LiquidVPN to seek alternatives.

We also noticed that the same data center hosts other VPN providers.  Given their decision to cut off LiquidVPN what long term affect might this have on other providers?  Most services are dependent on third party data centers.  Tier-1 services like IPVanish and VyprVPN host their own U. S. servers.  Giving them more flexibility in these situations.  It will be interesting to see how many smaller VPN companies decide to just white label and resell access to a tier-1 network rather than deal with the mess that LiquidVPN is going through now.