A hotspot finder app exposed 2 million Wi-Fi network passwords
A security researcher with the GDI Foundation has found an unsecured database that exposed over 2 million Wi-Fi network passwords. The researcher initially reached out to the app’s developer but received no response; the host has now taken the database down at the researcher’s request.
The leaky server belongs to WiFi finder, a popular Android app that lets users upload passwords for protected Wi-Fi networks so that other users of the app can connect to the network when they are in range. While the app is designed for sharing passwords of public Wi-Fi networks, users had also uploaded the passwords of numerous home networks, exposing users to unauthorized access by potential threat actors. The incident therefore serves as an example of why any form of password sharing is a terrible idea.