A security Discovery researcher found that user data connected to free Wi-Fi hotspots at several train stations in the UK is stored in a non-password-protected database. The database contains 146 million records, including email addresses, age ranges, travel reasons, device data and other logs.
C3UK, which operates the database, restricted public access to the database on Friday, 14 February, the same day the report was reported. Such a public e-mail database increases the risk of targeted phishing attacks, according to Jeremiah Fowler, who discovered the problem.
Researchers say many people use their real names as part of their email addresses and further expose their identities. In this case, anyone with an Internet connection can see the site, timestamp, ads they might see, the zip code where they live, and so on. Each piece of information is basically a puzzle piece that can be used to describe the user’s true identity.
As more and more free Wi-Fi hotspots begin to appear around towns, providers and consumers will have to start thinking about how to better protect their data. For end users, tools such as Jigsaw’s Intra or virtual private networks can better protect data.