Are you using 'WiFi Finder'?

If so, be advised that your network password has likely been exposed, based on research conducted by Sanyam Jain, of the GDI Foundation.

Jain discovered an unprotected database online associated with the app that contained more than two million network passwords.

He reported his findings to Zack Whittaker of TechCrunch, and the two of them spent more than two weeks trying to contact the Chinese-based developer to no avail. When that effort failed, they contacted DigitalOcean, the company hosting the database, and they promptly pulled it offline.

The app grabs private wifi hotspots too!

As to the app itself, WiFi Finder is very good at what it does, and it does what the name suggests. It searches for WiFi hotspots and maps them, giving users the ability to upload all their stored WiFi passwords.

Unfortunately, the app isn't picky.  It makes no distinction between public and private hotspots.  If your neighbor has an unprotected router, it'll show up on the list.

According to statistics obtained from Google, WiFi Finder has been downloaded more than 100,000  times. Given how many WiFi hotspots there are all over the world, each user is bound to have a dozen or more mapped by the app, which translates into a lot of hotspots in the database, considering the size of the database Jain found.

If there's a bright spot to be found in the incident, the database did not include contact information for the WiFi owners. However, it did contain geolocation data, and of course, if you saved your passwords in the app, then that was included as well.

Our perspective

If you're currently using the app, to be safe, you should probably delete it and find a better option. Then change your Wi-Fi passwords, as there's no telling who may now have access.

Meanwhile, check out this report

Free Executive Report: 10 Hidden IT Risks That Might Threaten Your Business

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. We specialize in managed IT support for smaller healthcare practices, financial services firms, and nonprofits in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your association.