HotSpot Shield, PureVPN, Zenmate and PureVPN found to be vulnerable to flaws that could compromise user’s privacy. Hotspot Shield’s Chrome extension exposed users’ original IP address to DNS server, allowing ISPs to monitor and record their online activities. PureVPN is the same company who lied to have a ‘no log’ policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case. ZenMate and Pure VPN have not been disclosed since they haven’t yet patched.
Source: https://thehackernews.com/2018/03/vpn-leak-ip-address.html