Connect with us


Millions of WiFi passwords leaked by popular Android hotspot finder app

Listen, I’m only going to say this once – don’t share your passwords!

Nondescript wifi router on table
Image: Consumer Reports

Another day, another breach, this time from a popular WiFi hotspot finder app. The Android app in question, WiFi Finder, leaked over two million network passwords by leaving its database unprotected.

The handy app lets users search for WiFi networks in their local area, and then connect to those it already has credentials for in its database. The app also invites users to share their WiFi hotspot passwords, which then uploads the WiFi credentials stored on their devices to the central database. That means that home network passwords were also grabbed off devices, making the leaking of the passwords pretty serious indeed.

The app developer only mentions that the app provides passwords for public hotspots, but TechCrunch found that wasn’t the case – “countless home WiFi networks” were among the passwords in the database. As all the networks in the database included geolocation data, overlaying that with a map showed so-called Public hotspots in heavily residential areas, or where no businesses existed.

With over 100k downloads according to the Google Play Store, that could mean that anywhere up to that number of home networks were leaked by the unsecured database

TechCrunch tried to contact the developer to rectify the situation, and when that failed, reached out to the hosting provider, DigitalOcean, which took down the database.

The app also doesn’t ask for permission from the network owner, making a mockery of WiFi security. If an attacker used the app to get onto your home network, they could do all kinds of malicious activities to your data, including reading the unencrypted traffic that might contain other passwords.

TechCrunch says that tens of thousands of the leaked WiFi passwords from that two million total are from US-based networks. If you know you’ve used that app, change your WiFi password asap.

As we’ve seen recently from Facebook vacuuming up other types of credentials, it should go without saying that your secrets are just that – secret. Don’t share your passwords with anyone or any app/program/website that you don’t trust, and don’t share them at all if you don’t have to. You can share passwords with most password managers via a link, where the person receiving it won’t even see your credentials.

Do you use any type of hotspot finding apps? Are you surprised by the news? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Android