Can a VPN be Hacked or Tracked in 2023? Here’s what we found

We see it all the time when we talk about VPNs – claims that you’re digitally invisible to the government and other trackers if you use one. But how true is it? Are you really safe from all threats on the internet? Can a VPN be hacked or tracked? Let’s find out.

Can a VPN be Hacked or Tracked Heres what we found

Short in Time? Here’s the short guide for your question

  1. It’s very rare to get tracked or hacked if you’re using a good VPN
  2. Do not use free VPN
  3. Always Check No logs policy
  4. Thankfully, most of the situations are easily preventable.
  5. Always make sure that you have a malware blocker installed on your device.

Can VPNs be hacked or tracked?

Yes. VPNs can be hacked, and even tracked – but doing so would cost an enormous amount of work. Only someone with an immense amount of grudge against you would dedicate their time and energy to pursuing your online activity and profiles – but it could take around 200 times longer than the universe has existed.

It’s time to use the terminology we learned above to figure out who can track or hack you, despite you being connected to the VPN.

1. Your ISP

While your ISP cannot read or decrypt your encrypted data, your data is still passing through the ISP from the VPN client to the VPN server. They will obviously not be able to decode your encrypted data, which is generally the AES-256 encryption standard used – in theory, it would take more than a million years to decode it.

However, They will know that you are using a VPN, and they may be able to identify the kind of network traffic it was based on the timing and density of the data packets. – Web pages, streaming, P2P, etc. But can the web pages or streaming websites lead back to you? Not really.

This is because the VPN client and server have masked your IP address, so the website receives a request from the IP address of the server, and not you. Should you be worried about your ISP tracking you? Not really.

  1. The chances of your ISP dedicating their resources to individually look into your online activity is slim to none. Your ISP probably has millions of users and they have no intention to look into John’s personal data for no reason at all.
  2. Even if the ISP tried to dedicate its resources to finding your digital footprint (online activity), all of the traffic is heavily encrypted and simply cannot be hacked into. You are safe from your ISP if you use a VPN.

Hence, there’s no need to worry about being hacked or tracked by your ISP, even though they may be aware that you are using a VPN – they will have no idea where you’ve been visiting. They might be able to identify that you were probably streaming something (based on the timeframe and density of data packets), but they will not know what and where.

2. Malware

Since even your internet provider cannot track your online activity after an extent, you’ll feel happy to know that even the government may not be able to track you. However, you can still be tracked by a malware, and you might wonder how?

While it’s true that a malware may come from the internet, you can’t forget that it can be stored on your device and not your internet. Even if your internet is turned off, a malware can track your desktop activity, your files, and anything that is on your device.

When you turn your internet on, it can still see your activity as it is on your device – which is not encrypted. Only your network traffic is encrypted. For example, a malware can simply track your browser activity – it does not matter whether it is encrypted or not – it will be able to see every website that you receive access to.

Always do a routine checkup for malware and make sure that you do not download one accidentally. Most VPNs offer a certain amount of protection against malware like ExpressVPN, but it is always recommended to have a standalone malware blocker like Malwarebytes on your device.

3. Cookies

Cookies are generally stored on a website, which can contain details of your activity. Sure, they may not be able to know whose activity they have – unless you provide it to them. Social media websites also use cookies for providing you with advertisements, but is that it?

Not really. Using social media means your personal account is stored in their database along with your cookies. These cookies can be shared with advertising agencies to provide you with ads that are dedicated to you. Here’s an excerpt from Instagram’s Cookie Policy.

Instagram’s Cookie Policy

Using A VPN will encrypt your online activity, but Instagram will still know that Account XXX did XXX on Instagram. It’s always better to ensure that you do not give too much personal information on your social media handles. Thankfully, most social media applications or even browsers offer the option to “Block all cookies”.

Your location and network are still encrypted, so they cannot know that Account XXX belongs to your IP address, so that’s a good thing.

4. The Government

As I mentioned earlier, the government may not be able to track you. And while that’s true, let’s not underestimate the government. They would have to use an immense amount of resources to track or hack you, and you would have to be a very important person that committed a terrible crime – safe to say, they probably aren’t interested in you individually.

So in what scenario can the government stumble upon your data without individually looking for it? A server seizure.

A server seizure is a seizure of electronic data carriers, like VPN servers, that are seized during an official investigation by law enforcers.

While the government will not individually come after you, they can still seize VPN servers if they have the ground to do so. For example, ExpressVPN servers were under investigation by Turkish Authorities for the assassination of a Russian Ambassador.

They alleged that the assassin used ExpressVPN to delete evidence by logging into his Gmail and Facebook accounts. Turkish authorities came up empty-handed, as ExpressVPN and most premium VPNs come with a no-logging policy – they refuse to store any information on their users.

This was surprising, as ExpressVPN is based in the British Virgin Islands – the jurisdiction of which has strong privacy legislation and no data retention requirements. I guess this shows that even VPNs and their users are not above the law.

There have been other VPNs in the past that had their data seized by the authorities and even shut down. So Should you be worried about the government seizing the servers and getting their hands on your digital activities? That depends highly on the VPN you use.

ExpressVPN offers no data retention and no data logging – they do not store any of your logs, and all of your online activity is highly encrypted. They also only keep your session data (time of VPN session and data used) on their RAM servers – which is wiped once the session ends.

Even if the government were to seize ExpressVPN servers, they’d find nothing – their privacy and security have been independently audited by many professionals.

5. Digital Fingerprinting

You may have understood the ISP, cookies, malwares, and the government having a slight chance of accessing your data, but what exactly is a digital fingerprint?

Digital fingerprinting was initially developed for security purposes, now it’s being used for privacy-invasion purposes. It is a tracking technique capable of identifying individual users based on their browser and device settings. Settings like your screen resolution, operating system, location, and language. The scary part is that this technique has a success rate of identifying users 99% of the time.

Unfortunately, A VPN can’t do much about this, as it’s your device and browser data that gets you tracked and not your internet. However, it can stop your IP address from being added to your digital fingerprint. Some browser extensions can also help minimize the data collection on your device.

6. DNS Leaks

[include image of the source sent earlier]

A DNS leak can reveal all of the websites that you have been visiting to your ISP or any prying eyes. We saw at the start of this article the example about accessing google with the VPN, here’s what a DNS leak would mean in that context.

  1. gets encrypted by the VPN client and is sent to the ISP.
  2. ISP can’t read it and forwards it to the VPN server.
  3. The VPN server decrypts it and sends the request to
  4. But wait, your DNS leaked through the VPN during traveling through the VPN tunnel. (From Client to ISP to Server and vice-versa.)
  5. What does this mean? Your ISP knows you tried to access

This is not ideal, as your ISP already knows that you use a VPN, and a DNS leak only makes it worse by revealing the places you visit. Thankfully, this is quite preventable – based on your choice of VPNs. Most VPNs have a system that ensures that no DNS is being leaked, and if it is – it will block your device’s access to the internet, keeping you safe.

ExpressVPN is quite good at preventing leaks in general. It offers its own encrypted DNS on every VPN server, ensuring that your online activity falls in the hands of nobody, not even them.

DNS Leak Test

If DNS leaks seem harmless or rare to you, feel free to do a DNS leak test without using a VPN. These were my results. Six servers could access and track my online activity – which did not feel safe at all. Ensure that you are using a premium VPN that offers private DNS functionality to keep you safe.

Tips To Stay Safe

As we’ve already gathered from this article, VPN can help keep you safe by protecting your internet connection – but there are threats that are not limited to that. You can still get hacked or tracked by a malware on your device, you can still get tracked by social media apps. Here are a few tips that’ll help you stay safer.


Choose a strong password that is a combination of uppercase and lowercase letters. Be sure to include numbers and symbols for additional safety. This will protect all of your accounts online, and you’ll be very secure against all attacks if you use different passwords for different websites.


Before downloading any files, make sure that the file is malware free. This can be done through a virus test or a malware blocker like malwarebytes. Do not open any downloaded files that you doubt may be a virus or a malware, as things could only get riskier. Ensure you have a good anti-virus on your device for such situations.

Social Media

As we know now, social media websites also use cookies. They may not be able to link your account and your IP address, but they can still have some data on you. Be mindful of what you share on social media, keep your confidential information confidential.


One of the most common ways people get infected by a malware or virus is by answering to emails. Hackers use phishing pages. For example, somebody can send you a link to a website that looks exactly like Facebook – you can log in and access Facebook, but the email and password you use will be sent to the person who runs the phishing website.

There are many emails that appear to be official but aren’t. Always make sure that you are visiting the right link. If the link says “” or anything else instead of “”, you are probably on a phishing website and need to stay careful.

Use A Secure VPN

Using the right VPN can keep you safe online. ExpressVPN is a great VPN that provides security against malwares and online attacks while also keeping your online activity protected. You can read our full review on ExpressVPN to learn about how it will keep you safe online.

ExpressVPN: A Quick Overview

ExpressVPN product + logo


  • High-Speed Servers in 94 countries.
  • Unblock Amazon Prime, Disney+, Netflix, Hulu, HBO, BBC iPlayer, and more.
  • Unbeatable Security Encryption with OpenVPN (TCP/UDP), L2TP, IPSec, IKEv2, and ExpressVPN’s own Lightway protocol.
  • Full torrenting support (dedicated P2P servers) with split tunneling.
  • 5 simultaneous device connections or unlimited connections with an ExpressVPN-compatible router.
  • Zero-log policy to protect your privacy.
  • Compatible with Windows, Mac, iOS, Android, Linux, Game Consoles, routers, and more.
  • Network Lock kill switch.
  • 24/7 Customer Support.
  • 30-day money-back guarantee.

Exclusive Offer!

VPNhelper readers can get extra three months free with a 12-month ExpressVPN subscription. That’s a 49% saving!

ExpressVPN is a premium VPN that’s accessible to anyone. The app interface is modern, minimal, and 💻user-friendly, and the service itself is available on all major devices including Android, iOS, Windows, and macOS. Whatsmore, you can use your subscription to connect up to five devices at a time so everyone in your family is protected.

ExpressVPN is a great choice for unblocking geo-restricted content in different platforms such as NetflixHuluDisney+Amazon Prime, and other streaming apps.

Not only that ExpressVPN supports unlimited P2P torrenting, and comes with a 30-day money-back guarantee, so you can try it out risk-free.


Yes, you can still be tracked or hacked despite using a VPN under these circumstances. However, they are all preventable except for one.

CircumstancesProbability of being TrackedPrevention
1. Seizure of a VPN server that collects and retains dataLowDon’t use a VPN that collects and retains Data.
2. A malware lurking in your device Very much possibleAlways keep a malware blocker on your device for routine checks.
3. A DNS leak PossibleUse a premium VPN like ExpressVPN.
4. Cookies on social media websites Very much possibleAlways “Block all Cookies” on your browser or social media websites.
5. Digital Fingerprinting Most trackers still use digital fingerprinting.Make sure you are still using a VPN to minimize fingerprint data.

Put simply, using a VPN does keep you safe to a large extent. The only situations where you may end up being hacked or tracked are hard to comprehend. Most of the circumstances where you might be unsafe when using a VPN are very much preventable, except for digital fingerprinting.

FAQs Related To VPN Tracking & Hacking

Who Can Track Me Despite Using VPNs?

The only way you can be tracked online despite using A VPN is by a malware on your device. VPNs like ExpressVPN can keep you safe from DNS leaks and also prevent the storing of cookies on websites.

Can A VPN Still Protect Me?

Yes, a VPN keeps your identity protected online by masking your IP addresses and hiding the websites that you visit. The encryption of most premium VPNs is unbreakable and would take more than a million years to brute-force. You are definitely safer on the internet with a VPN than without.

Who Uses Digital Fingerprinting?

Many trackers and third-party advertisers use digital fingerprinting. It is generally done through browser or browser extensions, and can be prevented by using a trustworthy browser. For Example, Google is against digital fingerprinting, but we can’t be too sure it doesn’t use it.

About Shafi Shaikh

I'm Shafi, a cybersecurity expert revolving around everything related to digital privacy and freedom. I was born and raised in the middle east, which probably explains my interest in both. I also review the most reliable VPNs to ensure their reliability. I joined VPN Helpers as I felt it was the right spot to advocate for digital freedom while also actually providing ways to achieve it to the general public. From providing unbiased and honest VPN reviews to tools that help protect your privacy, VPN Helpers does it all.

Leave a Comment