The popular Wi-Fi Finder app that is used by thousands of users has exposed around 2 million Wi-Fi passwords. The compromise was spotted by Sanyam Jain, a cybersecurity researcher, who reported it to a news website.
The Wi-Fi Finder app allows any user to look up Wi-Fi networks in a close by area. Further, a user can also upload Wi-Fi network passwords from their devices to the app’s database for others. But Jain found that a Wi-Fi Finder database of more than two million network passwords was left exposed and allowed anyone to access it. It is believed that thousands of passwords exposed are for the networks located within the U.S.
Attempts to reach Wi-Fi Finder’s developer (who is based in China) were done for more than two weeks to no avail. They eventually contacted the cloud host, DigitalOcean, which took the database offline.
The database which was found online consisted of Wi-Fi network passwords, its geolocation, and its BSSID along with the network password in plaintext. But the database also revealed that the app had stored information of Wi-Fi networks in the residential areas whereas the app claims to provide passwords for only public hotspots.