WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text
The data is reportedly offline now, but had previously left login credentials and geolocations of many private Wi-Fi networks online, without encryption.
WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text (Getty Images)
A popular public Wi-Fi hotspot finder application had left its database of Wi-Fi network credentials, including geolocation and login credentials, connected to the internet, and without any form of protection. The issue, spotted by security researcher Sanyam Jain and reported by TechCrunch, has been seemingly resolved since brought to light, and the database host has taken down all the data in a bid to prevent a potential cyber catastrophe.
However, the latest incident marks a series of similar lapses in reasonable cyber security steps that are expected of services, with databases left online without any form of encryption, or even a password. The app in question is meant for sharing public Wi-Fi hotspots while users connect to it, and automatically uploads such passwords to an online database. However, while uploading public network credentials, the app also uploaded a large set of private network data, complete with login credentials and geolocation details to the server.
To make things worse, all of this, along with each network’s BSSID (basic service set identifier), which can be used to identify and track down a network, was uploaded online and stored in plain text, making it available for anyone to read. The security implications are ominous, for any user with malicious intent can tap into the data, modify router settings and redirect users into genuine-looking sites ridden with all forms of malware, which could in turn lead into phishing or ransomware attacks.
Thankfully, there were no private contact details included within the database. This marks yet another close shave in terms of severe personal data damage, and another win for white hat cyber security researchers in the endless saga of cyber warfare.
Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.
Recommended For You
- Janhvi Kapoor Steps Out With Price Tag Attached to Outfit
- PUBG Mobile: Payload Mode Lands Today, Here’s Everything You Need to Know
- Bigg Boss 13: Abu Malik Says Shehnaz Gill Has Support of Salman Khan
- Sara Ali Khan's Bikini Pics from Sri Lankan Getaway Are Proof of Beachside Vacay Done Right
- Mozilla Firefox 70 Turns The Tables And Now You Can Track What is Tracking You