A popular Android hotspot (WiFi) search app “WiFi Finder” exposed more than 2 million WiFi passwords. Thousands of people have downloaded the WiFi Finder app, which allows users to search for nearby WiFi networks. But at the same time, the app also allows users to upload WiFi passwords from their devices to the database for others to use. This database of more than 2 million network passwords is not protected, allowing anyone to access and download the content in bulk.
Cybersecurity researcher Sanyam Jain first discovered the database and reported its findings to TechCrunch. TechCrunch tried to contact the developer but it didn’t help. Finally, TechCrunch contacted the database host DigitalOcean, which closed the database within one day.
It is reported that each record in the database contains the WiFi network name, precise geographic location, basic service set identifier (BSSID) and network password stored in plaintext.