The app called “WiFi Finder” searches for nearby hotspots. Users can find public hotspots or upload Wi-Fi network passwords from their devices to the app’s database for other users.
Sanyam Jain, a security researcher and a member of the GDI Foundation, discovered that the app wasn’t just holding public network info, but the database also left data from private WiFi networks located in residential zones unsecured and unencrypted, according to TechCrunch.
The app’s database includes network names (SSID), precise geolocation, passwords, and other data. The developer claimed the app only provided passwords for “public hotspots”.
Tens of thousands of exposed Wi-Fi passwords are from networks in the U.S. If you’ve used the app, now might be a good time to change your password.