‘Wi-Fi Finder’, a popular hotspot finder app, has exposed nearly 2 million network passwords due to an unprotected database. The security lapse allowed anyone to sneak into the database and steal other customers’ Wi-Fi network passwords.
How was it discovered - Sanyam Jain, a security researcher and a member of the GDI foundation was the first to spot the data leak. He reported his findings of the leaky app to TechCrunch.
What data has been leaked - The unprotected database contained several records that included details about Wi-Fi network name, Wi-Fi’s precise geolocation, Basic Service Set Identifier (BSSID) and passwords. The passwords were stored in plaintext.
How can it be useful for hackers - Since the app does not require any permission from the network owner, the exposed Wi-Fi network passwords can be a valuable target for hackers. They can modify router settings in order to route unsuspecting users to malicious websites. The hackers can even use the passwords to eavesdrop across the wireless network.
Who are the most impacted - Although the number of users is unknown, it is believed that tens of thousands of exposed Wi-Fi passwords are for networks in the US.
The firm has confirmed the matter and immediately took the exposed database offline. It has also notified the affected users.