Passwords from 2 million Wi-Fi hotspots leaked on the Internet

Popular Android application for search of Wi-Fi hot spots uncovered passwords to more than two million networks.

Application that was downloaded by thousands of users allows finding nearby Wi-Fi points. It comes about Wi-Fi Finder apps that enables users to upload passwords from Wi-Fi networks in special base so other users can access them.

However, the base that contained more than two million passwords was not protected enough. As a result, anyone could enter to it and upload passwords.

Sanyam Jian, researcher from GDI Foundation, detected passwords’ database on the Internet.

“We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. ” – told expert.

Therefore, experts chosen another way – they connected with Digital Ocean, a hoster that accommodated unprotected database.

“Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out. We notified the user and have taken the [server] hosting the exposed database offline”, — Sanyam Jain said

There is one more nuance in this story. Despite “WiFi Finder” developers argue that their base collects only passwords of public points, researchers found a series of passwords from home Wi-Fi nets. In this way, considering presence of geolocation data with saved passwords, leakage becomes even more dangerous.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button