2 million passwords would have been exposed by the database of an application that allowed to connect to access points for free.
An application called Wifi Finder, downloaded by thousands of people, which allowed Internet users to connect to free access points through a mechanism of information sharing, would have exposed the passwords of 2 million networks.
If this has not been confirmed by the developer, this is in any case what indicates the site TechCrunch. According to his explanations, the database containing these passwords was unprotected, which would have allowed anyone to access it. This breach was allegedly discovered by Sanyam Jain, a member of the GDI Foundation.
What is strange is that despite the popularity of the application, its developer is not very well known and seems difficult to contact. TechCrunch reportedly tried to contact this developer (who would be based in China) for two weeks, but without success. On the other hand, the host of the database, DigitalOcean, was contacted and decided to withdraw it. "We warned the user and put the [server] hosting database exposed offline," said a spokesman.
But the password would be enough for malicious people to break into the Wifi network of a person (including a guest for example shared the Wifi password on the application) and to conduct attacks.
In any case, this kind of incident reminds us of the importance of taking all necessary precautions to protect the data on computer or smartphone , even when not on a public Wifi.
An application called Wifi Finder, downloaded by thousands of people, which allowed Internet users to connect to free access points through a mechanism of information sharing, would have exposed the passwords of 2 million networks.
If this has not been confirmed by the developer, this is in any case what indicates the site TechCrunch. According to his explanations, the database containing these passwords was unprotected, which would have allowed anyone to access it. This breach was allegedly discovered by Sanyam Jain, a member of the GDI Foundation.
What is strange is that despite the popularity of the application, its developer is not very well known and seems difficult to contact. TechCrunch reportedly tried to contact this developer (who would be based in China) for two weeks, but without success. On the other hand, the host of the database, DigitalOcean, was contacted and decided to withdraw it. "We warned the user and put the [server] hosting database exposed offline," said a spokesman.
An important database of confidential information
Each line of this database included the name of the Wifi, its geolocation, its BSSID and the password. In addition to public Wifi, this database also included information on Wifi located in strictly residential areas, explains TechCrunch. On the other hand, no personal information is affected.But the password would be enough for malicious people to break into the Wifi network of a person (including a guest for example shared the Wifi password on the application) and to conduct attacks.
In any case, this kind of incident reminds us of the importance of taking all necessary precautions to protect the data on computer or smartphone , even when not on a public Wifi.