Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.


Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence


Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Associate PartnerAssociate Partner
News18 » Tech
1-min read

WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text

The data is reportedly offline now, but had previously left login credentials and geolocations of many private Wi-Fi networks online, without encryption.


Updated:April 24, 2019, 11:03 AM IST
WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text
WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text (Getty Images)

A popular public Wi-Fi hotspot finder application had left its database of Wi-Fi network credentials, including geolocation and login credentials, connected to the internet, and without any form of protection. The issue, spotted by security researcher Sanyam Jain and reported by TechCrunch, has been seemingly resolved since brought to light, and the database host has taken down all the data in a bid to prevent a potential cyber catastrophe.

However, the latest incident marks a series of similar lapses in reasonable cyber security steps that are expected of services, with databases left online without any form of encryption, or even a password. The app in question is meant for sharing public Wi-Fi hotspots while users connect to it, and automatically uploads such passwords to an online database. However, while uploading public network credentials, the app also uploaded a large set of private network data, complete with login credentials and geolocation details to the server.

To make things worse, all of this, along with each network’s BSSID (basic service set identifier), which can be used to identify and track down a network, was uploaded online and stored in plain text, making it available for anyone to read. The security implications are ominous, for any user with malicious intent can tap into the data, modify router settings and redirect users into genuine-looking sites ridden with all forms of malware, which could in turn lead into phishing or ransomware attacks.

Thankfully, there were no private contact details included within the database. This marks yet another close shave in terms of severe personal data damage, and another win for white hat cyber security researchers in the endless saga of cyber warfare.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: ---
Read full article
Next Story
Next Story

Also Watch


Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results