One of the virtual private network (VPN) providers claimed to be leaking user data because of a lack of IPv6 support has acknowledged the problem and is working on an update.
HideMyAss was responding to a survey from Queen Mary University in London which found that 11 out of 14 VPN providers are exposing personal information through a vulnerability known as IPv6 leakage.
This could be damning for such privacy services, many of which have seen increased use since the Edward Snowden PRISM revelations of 2013,
HideMyAss said that it agrees with the report and is working towards IPv6 support.
"HideMyAss is aware of the report. While we agree with the researchers that there is no silver bullet when it comes to security, the report does not make it clear that only a minority of VPN users will be affected due to the very low adoption rates worldwide for IPv6 (~6%)," the firm explained.
"While we do not provide IPv6 VPN services, we have already been working to address issues with IPv6 - future versions of our clients will address the IPv6 issue noted in the report."
The report, a paper entitled A Glance Through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN Clients (PDF) named the tested providers, and V3 asked a number of the companies for their responses.
The report authors said that hundreds of thousands of people use VPN services to access sites like iPlayer or Netflix, pointing to a Global Web Index report which found that 20 percent of Europeans have adopted such tools.
The paper said that services used to encrypt connections and communications are used for a variety of reasons, including to "circumvent censorship, avoid mass surveillance or access geographically limited services".
The researchers looked at 14 VPN providers and found that 11 are vulnerable to IPv6 leakage. VPNs are able to deal only with IPv4 traffic, and the problem occurs when a user visits a page that uses the IPv6 protocol.
The researchers are concerned that this exposes VPN users to a breach of privacy, the very thing that they are trying to avoid.
"There are a variety of reasons why someone might want to hide their identity online and it's worrying that they might be vulnerable despite using a service that is specifically designed to protect them," said Dr Gareth Tyson, a lecturer at the university and a co-author of the study.
"We're most concerned for those people trying to protect their browsing from oppressive regimes.
"They could be emboldened by their supposed anonymity while actually revealing all their data and online activity and exposing themselves to possible repercussions."
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons