Breach, Data Security, Network Security

App leaves over 2 million WiFi network passwords exposed on open database

More than two million WiFi network passwords were reportedly left exposed on an open database by the developer of WiFi Finder, an app designed to help device owners find and log in to hotspots.

The developer, Proofusion, claims its product only lists passwords for public Wi-Fi networks offered by the likes of restaurants and other high-traffic locations; however, information belonging to "countless" home networks were also included in the exposed data, according to a TechCrunch report published today. Exposed data typically included a Wi-Fi network's name, geolocation, basic service set identifier and network password.

Security researcher Sanyam Jain, a member of the GDI Foundation, is credited with discovering the misconfigured database. TechCrunch says it contacted Proofusion multiple times over a two-week span, but never received a response. Ultimately, the database was reportedly taken down by its host, DigitalOcean.

TechCrunch says thousands of users have downloaded the app, which reportedly does not require to seek permission from WiFi network owners before uploading and sharing their passwords so that others can use them.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

Oracle Cloud data breach claims repudiated

Oracle has dismissed the purported compromise of its Oracle Cloud single sign-on servers after threat actor 'rose87168' claimed to exfiltrate six million records belonging to the firm's customers, including encrypted Oracle Cloud SSO and LDAP passwords, Java KeyStore files, and Enterprise Manager JPS keys, among others, reports The Register. "There has been no breach of Oracle Cloud.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BandwidthBlock CipherCache PoisoningCall Admission Control (CAC)ChecksumCipherCircuit Switched NetworkCollisionCryptanalysisDomain Name System (DNS)

You can skip this ad in 5 seconds