Millions of WiFi passwords leaked by popular Android hotspot finder app
Listen, I’m only going to say this once – don’t share your passwords!
Another day, another breach, this time from a popular WiFi hotspot finder app. The Android app in question, WiFi Finder, leaked over two million network passwords by leaving its database unprotected.
The handy app lets users search for WiFi networks in their local area, and then connect to those it already has credentials for in its database. The app also invites users to share their WiFi hotspot passwords, which then uploads the WiFi credentials stored on their devices to the central database. That means that home network passwords were also grabbed off devices, making the leaking of the passwords pretty serious indeed.
The app developer only mentions that the app provides passwords for public hotspots, but TechCrunch found that wasn’t the case – “countless home WiFi networks” were among the passwords in the database. As all the networks in the database included geolocation data, overlaying that with a map showed so-called Public hotspots in heavily residential areas, or where no businesses existed.
With over 100k downloads according to the Google Play Store, that could mean that anywhere up to that number of home networks were leaked by the unsecured database
TechCrunch tried to contact the developer to rectify the situation, and when that failed, reached out to the hosting provider, DigitalOcean, which took down the database.
The app also doesn’t ask for permission from the network owner, making a mockery of WiFi security. If an attacker used the app to get onto your home network, they could do all kinds of malicious activities to your data, including reading the unencrypted traffic that might contain other passwords.
TechCrunch says that tens of thousands of the leaked WiFi passwords from that two million total are from US-based networks. If you know you’ve used that app, change your WiFi password asap.
As we’ve seen recently from Facebook vacuuming up other types of credentials, it should go without saying that your secrets are just that – secret. Don’t share your passwords with anyone or any app/program/website that you don’t trust, and don’t share them at all if you don’t have to. You can share passwords with most password managers via a link, where the person receiving it won’t even see your credentials.
- OnePlus CEO squashes some OnePlus 7 rumors while confirming others
- Samsung Galaxy Fold consumer launch delayed due to failure of simplicity of design
- Facebook did something this week that wasn’t terrible (yet)
- For some reason, Netflix is testing out a Random Episode button
- Google is now giving European Android users a choice of which browser to install