Brian Krebs posts on Mastodon:
BrianKrebs: This has to be the dumbest, riskiest, least effective and most expensive way to steal credentials. If you’re going to commit multiple federal offenses, maybe don’t do them in a confined space of <300 people whose names are on a manifest.
“Australia’s Federal Police (AFP) has charged a man with running a fake Wi-Fi networks on at least one commercial flight and using it to harvest fliers’ credentials for email and social media services.”
https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/
The link, is to an article titled Police allege ‘evil twin’ of in-flight Wi-Fi used to steal passenger’s credentials goes in to detail on what the gentleman did and what he’s charged with.
While he may not have used the data collected, people were duped in to handing over creds he could’ve used at any time.
No free WIFI should ask for a password unless its configured to do so and the password is known.
But most free WIFI don’t require a password.
I know Hotels protect with a password which they do provide you like your room number as an example, because of the page you land on when you first connect.