Submitted via IRC for Bytram
A hotspot finder app exposed 2 million Wi-Fi network passwords – TechCrunch
A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.
The app, downloaded by thousands of users [Ed: link appears to have been removed], allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.
That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.
Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.
We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out.
“We notified the user and have taken the [server] hosting the exposed database offline,” a spokesperson told TechCrunch.
Each record contained the Wi-Fi network name, its precise geolocation, its basic service set identifier (BSSID) and network password stored in plaintext.
[...] Tens of thousands of the exposed Wi-Fi passwords are for networks based in the U.S.
(Score: 2) by kazzie on Wednesday April 24 2019, @10:28PM
Many small hotels and coffee shops set a password on their "free" wifi, then post said password on the wall for all their customers to read and use.
(It's to discourage passers-by from lingering in the street to get free internet access, I guess.)