"In conclusion, the reviewed scope appears to be on a good security level compared to systems of similar size and complexity." Independent review confirms Mullvads strong privacy protections
Date:
Thu, 22 Jan 2026 14:59:45 +0000
Description:
Mullvads latest security audit confirms that Mullvads account and payment services continue to meet high standards, finding no critical flaws.
FULL STORY ======================================================================A new audit has found no critical flaws in Mullvads account and payment systems
Only minor issues were identified, with no impact on user privacy Results underscore Mullvads transparency-first approach
In late 2025, Mullvad, one of the best VPN services for privacy, commissioned a comprehensive security audit of its account and payment services to prove the robustness and integrity of these critical backend systems.
X41 D-Secs audit reviewed Mullvad components that manage user
authentication, device provisioning, payment processing, and distribution of WireGuard keys, all of which are core pieces that help keep Mullvads VPN service secure for subscribers.
The publicly released results confirm the platforms security, with X41 identifying five security-relevant issues: three medium-severity and two low-severity.
Importantly, none of the issues allowed attackers to access user data or otherwise weaken Mullvads privacy guarantees. What the audit found and what it didnt
The audit by German security firm X41 D-Sec focused specifically on Mullvads account and payment infrastructure.
This included APIs responsible for account creation, authentication, device management, voucher redemption, and WireGuard key distribution. Carried out
as a white-box assessment, the review gave auditors full access to source code, configurations, and system architecture.
X41 identified a total of five security-relevant findings, three of which
were rated as medium severity and two as low severity. None of these issues enabled unauthorized access to user accounts or exposed personal data, nor
did they weaken Mullvads privacy model.
The most notable issue was a race condition in voucher handling that could allow a voucher to be redeemed more than once under specific circumstances.
Some report findings were redacted to prevent potential service disruptions. In addition to vulnerabilities, the auditors provided informational recommendations aimed at further hardening the system.
These included improved internal authentication mechanisms and configuration simplifications. What this means for Mullvad users
Mullvad has itself reiterated that the audit confirms the strength of its account and payment infrastructure, building on work undertaken following a previous audit in 2023 .
The audit reflects Mullvads ongoing commitment to transparency and proactive security practices something the company has upheld through regular external reviews of its backend systems and apps, as well as its no-logs policy .
Indeed, previous audits have also reported robust security with only minor issues identified before being promptly addressed.
For current and would-be Mullvad users, these results reinforce Mullvads reputation as a privacy-first VPN provider that not only promises strong data protections but backs up those promises through meaningful third-party evaluation.
======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-services/in-conclusion-the-reviewed-scope-ap pears-to-be-on-a-good-security-level-compared-to-systems-of-similar-size-and-c omplexity-independent-review-confirms-mullvads-strong-privacy-protections
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)