More than 2 million passwords for Wi-Fi hotspots were leaked online by the Android app developer behind the mobile application called WiFi Finder. The passwords were part of an insecure database found by researchers at GDI Foundation.
The Android app itself did not just help users find Wi-Fi hotspots, but also supplied username and passwords that were crowdsourced by the apps users.
According to researchers, the total database included 2 million username and password pairs, with tens-of-thousands of hotspots located in the United States, according to TechCrunch, which first reported the leaky server.
GDI Foundation said the developer is based in China and the app has been downloaded “thousands” of times by users. Data included public and private hotspots, but also “countless” numbers of home Wi-Fi hotspots.
“The exposed data didn’t include contact information for any of the Wi-Fi network owners, but the geolocation of each Wi-Fi network correlated on a map often included networks in wholly residential areas or where no discernible businesses exist,” reported TechCrunch.