Chrome VPN extension Hola sold user's bandwidth to DDoS attackers

Popular peer-to-peer VPN service Hola has become one of the most popular extensions for web users for its free and easy-to-use service, but it looks like the company has been using bandwidth from users for illegal DDoS attacks, amongst other things.

Imageboard 8chan first reported multiple DDoS attack from Hola, claiming it used an affiliated Luminati network to send the huge traffic spikes. DDoS attacks have been a frequent issue for 8chan, as it struggles to build reliable servers and infrastructure.

Utilising the power of nine million users, Hola was able to create a botnet strong enough to take down most websites. Even though Hola claims stealing bandwidth from users to sell to others is perfectly legal, millions are outraged at what is being done with their own network.

Hola claims Luminati has the same power as any other VPN network, but other VPNs tend not to use user networks to power the VPN. Instead, VPNs normally set up dedicated servers worldwide, which users jump on to avoid geo-location blocks.

In order for users to remove the peer-to-peer VPN service, they have to pay $5 per month. Hola has always been rather secretive when it comes to its paid model and even more secretive with what it does with free user’s bandwidth.

Seeing the massive growth in Hola over the past few years, it is clear users crave a reliable VPN service that is free. The issue is for a VPN service to be free, it needs another business model.

Most free VPN services adopt the advertising model, slapping ads all over Google Search. Hola found another way around it, by selling user’s bandwidth to its other VPN service, something we doubt any user is happy to hear.