Malwarebytes has completed its first independent, third-party security audit of its Privacy VPN infrastructure, confirming a strict no-logs policy and addressing several identified software vulnerabilities and security gaps.

Key Points

• Security firm X41 D-Sec conducted a two-month "white-box" penetration test on Malwarebytes' VPN apps and diskless server network.
• The audit confirmed that Malwarebytes does not log user activity, IP addresses, or DNS queries, aligning with its stated privacy policy.
• Auditors identified multiple vulnerabilities during the assessment, including one critical issue, all of which have been addressed or are currently being resolved.
• The audit covered Malwarebytes Privacy VPN applications across Windows, macOS, iOS, and Android platforms.
• This transparency initiative follows the company's 2024 acquisition of AzireVPN and aims to compete with major market rivals like NordVPN and ExpressVPN.

Why it Matters

Independent audits provide verifiable proof of privacy claims, moving the VPN industry away from reliance on blind trust toward evidence-based security. By publicly addressing identified vulnerabilities, Malwarebytes establishes a higher standard for transparency that helps users make informed decisions about their digital privacy.