A popular Android app for finding Wi-Fi hotspots has exposed the passwords of more than 2 million wireless networks. The program, which has been used by thousands of people, is used to search for Wi-Fi networks that are within range of the device. In addition, users have the ability to download passwords from known access points, thereby allowing other people to interact with these networks.
It turned out that the database, which stored millions of passwords from Wi-Fi networks, was not protected. Any user could download all the information contained in it. An unprotected database was discovered by information security researcher Sanyam Jain. He said that he tried to contact the developers of the application for more than two weeks to report this problem, but achieved nothing. Ultimately, the researcher established a connection with the owner of the cloud space in which the database was stored. After that, application users were notified of the existence of the problem, and the database itself was removed from access.
It is worth noting that each entry in the database contained data on the exact location of the access point, network name, service identifier (BSSID), and password for connection. The description of the application states that it can only be used to access public hotspots. In fact, it turned out that a significant part of the database consisted of records about users' home wireless networks.
Source: 3dnews.ru