Unpacking the “Surfshark Scandal”: A Closer Look at the Concerns

Here’s how to really understand the “Surfshark scandal” and what it means for you, whether you’re a long-time user or just thinking about signing up. When you hear the word “scandal,” it often conjures up images of major data breaches, shady dealings, or companies outright lying to their customers. With a service like Surfshark, which is all about privacy, any sniff of controversy can be pretty alarming. So, let’s get straight to it: is Surfshark truly embroiled in a scandal, or are these just bumps in the road for a popular VPN service?

The short answer is, like with many tech companies, Surfshark has faced its share of questions and critical moments. While you won’t find evidence of a widespread, catastrophic “Surfshark data breach” of their own user data or a fundamental flaw that makes Surfshark unsafe, there have been a few specific incidents and ongoing discussions that people have flagged. These include concerns about who is behind Surfshark, discussions around their no-logs policy, a past issue regarding their “HackLock” feature, a technical critique about root certificates, and a very recent class-action lawsuit over auto-renewal fees. This guide will break down each of these points, giving you the full picture so you can decide if can Surfshark be trusted with your online privacy. We’ll look at the facts, the company’s responses, and what the latest information tells us about its reliability and legitimacy.

When you’re trying to keep your online life private, picking the right VPN is a big deal. So, naturally, when whispers of a “Surfshark scandal” or “Surfshark controversy” start floating around, it’s enough to make anyone pause and wonder, “Is Surfshark legit?” Let’s dig into the main points that have caused some folks to raise an eyebrow.

The Ownership Question: Who’s Behind Surfshark?

This is one of those questions that pops up a lot when people are trying to figure out if a VPN can really be trusted. You want to know if some shady corporation or government entity is secretly pulling the strings, right?

Surfshark was founded in 2018 by Vytautas Kaziukonis. Initially, it was registered in the British Virgin Islands BVI, a location often favored by privacy-focused companies because it has no mandatory data retention laws. This sounds good on paper, but in October 2021, Surfshark actually moved its official headquarters to the Netherlands.

Now, the Netherlands is generally a good place for privacy, upholding strict GDPR requirements and having no obligation for companies to log user data. However, some privacy advocates point out that the Netherlands is also part of intelligence-sharing alliances, like the 9-Eyes alliance. For some, this raises a small flag, even if the country itself doesn’t mandate logging. Surfshark’s consistent stance and independent audits of its no-logs policy aim to reassure users that even if compelled, they wouldn’t have user data to hand over.

Then came the big news in 2022: Surfshark merged with Nord Security, the parent company behind NordVPN. This wasn’t an acquisition where one company completely swallowed the other. rather, they joined forces under one holding company, with a combined valuation reportedly reaching “Unicorn Company” status at $1.6 billion. Surfshark VPN: Unlocking Your Digital World with Security and Ease

What does this merger mean for you?
Well, both Surfshark and NordVPN have stated they continue to operate autonomously, maintaining separate brand identities, infrastructures, and product roadmaps. The idea was to streamline resources, share technical knowledge, and strengthen their position in the cybersecurity market. While this kind of industry consolidation is a trend we’ve seen with other VPN providers like Kape Technologies acquiring ExpressVPN, CyberGhost, and Private Internet Access, it does make some users a little uneasy about reduced competition and potential future integration. But for now, they function independently.

Data Breach Claims and Realities

When you use a VPN, you’re trusting them with your data. So, any mention of a “data breach” related to a VPN is a major red flag. It’s totally fair to ask, “Has Surfshark ever been compromised?”

Here’s the crucial point: Surfshark itself states it has never had a data breach of its own user accounts. They emphasize their commitment to security by operating on RAM-only servers, which are designed to wipe all data with every reboot, significantly reducing the risk of data being permanently stored or compromised. Surfshark VPN in India: Your Guide to Staying Secure and Connected

It’s easy to get confused because Surfshark also maintains a very comprehensive “Global Data Breach Statistics” tool, which tracks data breaches that happen across the internet involving other companies, not Surfshark itself. They use this tool for their “Surfshark Alert” service, which notifies users if their personal information appears in known breaches from other services. So, if you see Surfshark talking about “billions of breached accounts” or “millions of leaked passwords,” they’re usually referring to external breaches, not their own.

In short, there’s no credible evidence or documented incident of Surfshark’s own systems or user logs being breached. This is a big win for their reputation and a strong indicator that Surfshark is safe when it comes to protecting your data.

Logging Policies: What They Say vs. What They Do

The core promise of a trustworthy VPN is a “no-logs policy.” It means the VPN provider doesn’t collect, track, or store any information about your online activities, like the websites you visit, the files you download, or your IP address. If they don’t have it, they can’t hand it over to anyone, even if legally compelled.

Surfshark explicitly states it has a strict no-logs policy. But how do we know they’re actually sticking to it? This is where independent audits come in, and Surfshark has been pretty proactive here.

Surfshark VPN on iOS: What Reddit Users Really Think (And My Take!)

• Cure53 Audits: Early in its operation, Surfshark underwent an audit by Cure53, a reputable German cybersecurity firm, which evaluated their server infrastructure and browser extensions. They found no significant concerns.
• Deloitte No-Logs Audits: More impressively, Surfshark has had its no-logs policy independently verified by Deloitte, one of the “Big Four” auditing firms. This isn’t a one-time thing either. Deloitte has conducted multiple audits, with the latest confirmation happening in June 2025. These audits involved a thorough examination of Surfshark’s IT systems, server configurations, deployment processes, and internal management to ensure compliance with their no-logs claims. The positive results from these audits provide strong, factual evidence that Surfshark doesn’t record user data, reinforcing the idea that Surfshark VPN is reliable and trustworthy.

While their move to the Netherlands a 9-Eyes country could theoretically be a concern for some, these repeated, successful independent audits of their no-logs policy are a huge reassurance. It means even if authorities came knocking, Surfshark wouldn’t have your activity logs to provide.

Specific “Controversies” and Technical Criticisms

Beyond the general questions of ownership and logging, a couple of specific incidents have surfaced, though they’re not necessarily “scandals” in the sense of malicious intent or user data compromise.

The “HackLock” / Have I Been Pwned Attribution Issue 2020

Back in 2020, there was some discussion surrounding Surfshark’s “HackLock” feature. This feature was designed to let users check if their email addresses had been compromised in data breaches. The issue was that it appeared to be powered by Troy Hunt’s widely respected “Have I Been Pwned” HIBP database, a free service. The criticism, highlighted in a YouTube video, was twofold:

Surfshark VPN: Jeden Abonament, Nieskończona Ochrona – Na Ile Urządzeń Naprawdę Działa?

1. Lack of Attribution: Surfshark allegedly didn’t properly attribute HIBP as the source of the data, which is a requirement of HIBP’s licensing terms.
2. Charging for Free Data: Some users and critics felt it was “shady” for Surfshark to charge for a service as part of a bundle, not necessarily a standalone charge that essentially pulled from a free, publicly available database.

Troy Hunt, the creator of HIBP, confirmed that while the lack of attribution was a licensing violation, charging for a bundled service using his API wasn’t against his terms. He primarily wanted proper attribution.

What happened next?
This issue was raised and discussed in the cybersecurity community. It’s likely Surfshark addressed the attribution aspect, as transparency in sourcing data breach information is crucial. While it highlighted a misstep in proper credit, it wasn’t a “Surfshark scandal” in terms of user data being exposed or Surfshark operating maliciously. It was more about adhering to open-source guidelines and ethical business practices. Today, Surfshark Alert continues to offer data breach monitoring, and the emphasis is on protecting users.

The Root Certificate Installation Debate 2022

In April 2022, a report by AppEsteem researchers raised concerns about Surfshark, among other VPNs, regarding their security design on Windows. Specifically, it highlighted that the Surfshark app installed a “Trusted Root Certificate Authority security certification.”

Why was this an issue?
Installing a root certificate gives an application a significant amount of control and influence over a device’s security. If a company’s own root CA certificate were ever compromised, it could theoretically undermine all of a device’s data and communication security. Researchers also noted other issues, like components of the app continuing to run after uninstallation and insufficient information on subscription cancellations. Master Your Instagram Experience with Surfshark VPN: A Complete Guide

Surfshark’s Response:
Surfshark acknowledged these concerns and stated they cooperated closely with AppEsteem to fix the highlighted issues. They confirmed that all identified problems had been addressed, and updates were rolled out to Windows users. They also explained that they were working on phasing out the IKEv2 protocol, which necessitated the root certificate, and focusing on WireGuard and OpenVPN protocols to eliminate this need in the future.

This was a technical security critique rather than a “scandal.” It prompted Surfshark to refine its security practices and provide greater clarity, demonstrating a commitment to addressing vulnerabilities when they’re brought to light. It doesn’t mean Surfshark is unsafe in general, but rather that like all software, it can have areas for improvement.

The Auto-Renewal Lawsuit July 2025

This is the most recent “Surfshark controversy” and it’s a significant one. In July 2025, a class-action lawsuit was filed against Surfshark in California’s Central District Court.

Surfshark VPN: What Redditors Really Think in 2025

What’s the claim?
The plaintiff, Arvin Garcia, alleges that Surfshark enrolled him and other California consumers in automatically renewing annual plans without his clear consent. According to the lawsuit, Garcia purchased a two-year subscription in May 2020, believing it was a one-time purchase. However, after it expired, he was allegedly charged for yearly renewals in May 2022, 2023, and 2024, without his knowledge or consent.

The lawsuit claims Surfshark violated California’s Automatic Renewal Law ARL and the False Advertising Law. The ARL requires companies to provide “clear and conspicuous” disclosures about auto-renewal plans and obtain “affirmative consent.” This isn’t an isolated incident. similar complaints are reportedly being faced by other major VPN providers like NordVPN and ExpressVPN in the US.

Current Status:
As of late August 2025, Surfshark has been approached for comment but has not publicly responded to this specific lawsuit yet. This is an ongoing legal matter, and its outcome could have implications for how VPN services handle their subscriptions, particularly in regions with strong consumer protection laws.

What should you do?
If you’re a Surfshark subscriber, especially in California, it’s wise to review your subscription details carefully. Always be mindful of auto-renewal settings for any service you sign up for, and ensure you understand the terms before committing. This issue highlights a common pain point for many consumers across various subscription services, not just VPNs.

Surfshark VPN Pricing Plans: A Detailed Breakdown

“The App Couldn’t Reach Surfshark Systems” – A Real Scandal?

If you’ve ever tried to connect to Surfshark and seen a message like “The app couldn’t reach Surfshark systems,” you might wonder if it’s part of some larger “Surfshark scandal” or if the service is unreliable.

The good news is, this isn’t a scandal at all. It’s a common technical troubleshooting issue that many VPN users encounter, regardless of the provider. It simply means your device is having trouble establishing a connection with Surfshark’s servers or services.

Common Causes and Fixes:
Surfshark’s support documentation, as well as many user experiences on platforms like Reddit, point to several typical culprits:

• Connectivity Issues: Your own internet connection might be unstable.
• Outdated App: An old version of the Surfshark app can lead to compatibility problems.
• Conflicting VPNs/Software: Running another VPN, a firewall, or antivirus software that’s blocking Surfshark can interfere.
• Network Restrictions: If you’re in a country with heavy internet censorship, it can be harder for the app to connect.
• Incorrect Protocol: Sometimes, switching the VPN protocol e.g., from Automatic to WireGuard or OpenVPN UDP can help.
• Device-Specific Settings: IPv6 settings or custom DNS can sometimes cause issues.

Quick Fixes:
Usually, a few simple steps can resolve this: Surfshark VPN on Huawei: Your Complete Guide to Security and Freedom

1. Update the app.
2. Restart your device and router.
3. Try a different server location within the Surfshark app.
4. Temporarily disable other VPNs, firewalls, or antivirus programs to see if they’re causing a conflict, then add an exception for Surfshark.
5. Reinstall the Surfshark app.

So, while seeing that error message can be frustrating, it’s rarely indicative of a deeper problem with Surfshark’s integrity. It’s more of a “tech hiccup” that usually gets sorted out with standard troubleshooting.

Customer Service and Account Suspension Concerns

You’d think a VPN service, which is all about trust, would have top-notch customer support. Most of the time, Surfshark gets good marks for its 24/7 live chat support and help center. But like any large service, there are always some users who have had less-than-ideal experiences.

A notable example came from a Reddit post in February 2024, where a user reported their Surfshark account being unexpectedly suspended without a clear explanation. They mentioned being met with “vague responses citing a ‘breach of their Terms of Service’” and a “complete lack of transparency and accountability” when asking for specific details. Other users in the comments shared similar frustrations, including an account suspended after traveling to a country with heavy restrictions like China, again without clear reasons. How to Set Up Surfshark VPN: Your Ultimate Guide to Online Freedom

What does this tell us?
While these experiences are frustrating for the individuals involved, they don’t necessarily point to a “Surfshark scandal” in the sense of a security breach or malicious activity. Instead, they highlight potential areas for improvement in customer communication and transparency regarding automated system flags or terms of service violations. When a company relies on automated systems to detect “breaches,” it’s crucial that they can also provide clear, human-understandable explanations and recourse for their users. This is an important aspect of trust and something many services struggle with.

Can Surfshark Be Trusted? The Bottom Line

After looking at the various points of “controversy” and “scandal” surrounding Surfshark, what’s the overall picture?

From a technical and security standpoint, Surfshark comes out looking pretty strong. How Good is Surfshark VPN? Your Honest Look

• Strong Encryption and Protocols: They use industry-standard AES-256 encryption and secure protocols like WireGuard and OpenVPN.
• Audited No-Logs Policy: The multiple independent audits by Cure53 and Deloitte confirming their no-logs policy are a significant trust factor. This means they genuinely don’t collect data that could identify your online activities.
• RAM-only Servers: Their move to RAM-only servers further enhances privacy by ensuring data is regularly wiped.
• No Documented Internal Data Breaches: Surfshark consistently states it has never experienced a breach of its own user data.

The “scandals” that have popped up are mostly either:

• Older issues that were addressed: Like the “HackLock” attribution, which was a transparency issue, not a security flaw.
• Technical critiques that led to improvements: The root certificate discussion resulted in Surfshark clarifying its practices and planning future changes.
• Common technical support issues: “The app couldn’t reach Surfshark systems” is just a connection error, not a sign of a deeper problem.
• Industry-wide challenges: The auto-renewal lawsuit is a common complaint across many subscription services, including other VPNs. It points to a need for better clarity in subscription practices, rather than a fundamental privacy flaw with Surfshark’s core VPN service.
• Customer service experiences: While frustrating for some, isolated incidents of account suspension without clear explanations are about communication and process, not core security.

So, to answer “Can Surfshark be trusted?” – yes, for the vast majority of users concerned about online privacy and security, Surfshark is a trustworthy and legitimate VPN provider. They’ve put in the work with independent audits and strong security features to back up their claims. While the auto-renewal lawsuit is a recent concern, it’s about billing practices, not the security or logging of your VPN connection itself.

Like any service, it’s always smart to stay informed, read the terms, and manage your subscriptions carefully. But based on the evidence, Surfshark continues to be a highly-rated and reliable choice for securing your internet activity.

Frequently Asked Questions

What is the Surfshark scandal people are talking about?

When people mention “Surfshark scandal,” they are typically referring to a few historical or ongoing concerns, not a single major catastrophic event. These include an older issue regarding attribution for their “HackLock” feature which checked for data breaches, a technical critique about their use of root certificates on Windows apps which they addressed, customer complaints about account suspensions and communication, and a very recent class-action lawsuit in July 2025 regarding alleged “illegal” auto-renewal fees. There has been no documented “Surfshark data breach” of their own user logs.

How to Watch Hulu with Surfshark: Your Step-by-Step Guide

Is Surfshark safe to use for my online activities?

Yes, Surfshark is widely considered safe and secure for your online activities. They employ robust security features like AES-256 encryption, use secure VPN protocols WireGuard, OpenVPN, and operate on RAM-only servers designed to wipe data regularly. Crucially, their strict no-logs policy has been verified by multiple independent audits from reputable firms like Cure53 and Deloitte, confirming that they do not collect your online activity data.

Can Surfshark be trusted with my personal data?

Based on independent audits and their strong technical infrastructure, Surfshark can be trusted with your personal data. Their audited no-logs policy means they don’t store information about your browsing history, IP address, or traffic, so even if compelled by authorities which is unlikely given their no-logs status, they wouldn’t have any identifiable data to provide. They also state they have never experienced a data breach of their internal user information.

Who owns Surfshark and is it owned by China?

Surfshark was founded by Vytautas Kaziukonis in 2018. In 2022, Surfshark merged with Nord Security, the parent company of NordVPN. Both brands continue to operate independently. Surfshark’s headquarters are in the Netherlands. There is no evidence or credible information suggesting that Surfshark is owned by China or has any ties to the Chinese government.

Surfshark VPN: A Journey from Startup to Cybersecurity Powerhouse

What does “Surfshark the app couldn’t reach Surfshark systems” mean?

This message is typically a common technical connection error, not a “Surfshark scandal” or indication of a compromised service. It means the Surfshark app on your device is having trouble connecting to their servers. Common solutions include updating the app, restarting your device and router, disabling conflicting software like other VPNs or firewalls, trying a different server, or changing your VPN protocol settings.

Is Surfshark legitimate or a scam?

Surfshark is a legitimate and well-regarded VPN service, not a scam. It consistently receives positive reviews from cybersecurity experts and everyday users for its robust security features, strong privacy policy, and good performance. The company is transparent about its operations, has undergone successful independent audits of its no-logs policy, and is a founding member of the VPN Trust Initiative, which promotes transparency and accountability in the VPN industry.

0.0 0.0 out of 5 stars (based on 0 reviews) Excellent0% Very good0% Average0% Poor0% Terrible0% There are no reviews yet. Be the first one to write one. Your review Your overall rating Select a Rating5 Stars4 Stars3 Stars2 Stars1 Star Title of your review Your review Your name Your email This review is based on my own experience and is my genuine opinion. ​ Submit Review

Amazon.com: Check Amazon for Unpacking the “Surfshark Latest Discussions & Reviews: