More than two million WiFi network passwords were reportedly left exposed on an open database by the developer of WiFi Finder, an app designed to help device owners find and log in to hotspots.
The developer, Proofusion, claims its product only lists passwords for public Wi-Fi networks offered by the likes of restaurants and other high-traffic locations; however, information belonging to "countless" home networks were also included in the exposed data, according to a TechCrunch report published today. Exposed data typically included a Wi-Fi network's name, geolocation, basic service set identifier and network password.
Security researcher Sanyam Jain, a member of the GDI Foundation, is credited with discovering the misconfigured database. TechCrunch says it contacted Proofusion multiple times over a two-week span, but never received a response. Ultimately, the database was reportedly taken down by its host, DigitalOcean.
TechCrunch says thousands of users have downloaded the app, which reportedly does not require to seek permission from WiFi network owners before uploading and sharing their passwords so that others can use them.