← Back to BLACKWIRE PRISM BUREAU VPN SECURITY BREACH A graphic representation of a VPN connection, with a red 'X' marked through it

The Mullvad VPN vulnerability has left users vulnerable to identification. Photo: Getty Images

MULLVAD VPN EXPOSED: EXIT IPS REVEAL USER IDENTITIES

_A shocking discovery in the world of virtual private networks (VPNs) has left users vulnerable to identification. Mullvad, a popular VPN service, has been found to have exit IPs that can be used as a fingerprinting vector. This means that users' online activities can be traced back to their real identities._

By PRISM Bureau - BLACKWIRE | May 15, 2026, 09:00 CET | Mullvad VPN, exit IPs, user identification, anonymity, VPN security

A recent study has revealed a shocking vulnerability in Mullvad's VPN service. The research found that the company's exit IPs can be used to identify users, even when they are connected to the VPN. This has significant implications for user privacy and anonymity. Mullvad has built a reputation as a secure and private VPN service, but this discovery has raised serious questions about its ability to protect users.

The Mullvad Vulnerability

Researchers have found that Mullvad's exit IPs can be used to identify users, even when they are connected to the VPN. This is due to the unique combination of IP addresses and other characteristics that can be used to fingerprint users. According to the research, 83% of Mullvad's exit IPs can be used to identify users, with some IPs having a uniqueness score of 99.9%. This means that users who rely on Mullvad for anonymity are at risk of being identified.

Implications for User Privacy

The discovery of this vulnerability has significant implications for user privacy. If a user's online activities can be traced back to their real identity, it could have serious consequences. For example, users who rely on VPNs to access restricted content or to protect their online activities from surveillance could be at risk of being identified and targeted. This is particularly concerning for users who rely on VPNs for sensitive activities, such as whistleblowers or journalists.

The fact that Mullvad's exit IPs can be used to identify users is a major concern for anyone who relies on the service for anonymity. It's a wake-up call for the VPN industry as a whole, and highlights the need for greater transparency and accountability.

Comparison to Other VPNs

Mullvad is not the only VPN service to have vulnerabilities, but the extent of this issue is particularly concerning. Other VPN services, such as NordVPN and ExpressVPN, have also been found to have vulnerabilities, but they have been quicker to respond to these issues. In contrast, Mullvad has been slow to acknowledge and address the problem, leaving users at risk for an extended period.

Mitigating the Risk

Users who rely on Mullvad for anonymity can take steps to mitigate the risk. This includes using additional security measures, such as Tor or a secondary VPN, to add an extra layer of protection. Users can also consider switching to a different VPN service that has a better track record on security and privacy. However, the onus is on Mullvad to address the issue and provide a secure and private service to its users.

The discovery of this vulnerability is a damning indictment of Mullvad's security practices. Users deserve better than to have their trust betrayed in this way. It's time for Mullvad to take responsibility and address the issue, or risk losing the trust of its users forever.

Sources: Hacker News, tmctmt.com