Are My In-Laws’ Wi-Fi Credentials Secretly Used by Their Neighbors?

This is quite an unusual situation I’ve stumbled upon, and I believe it merits a discussion. As someone with a background in Computer Science and Cyber Security Consultancy, I thought it prudent to seek advice here before approaching any professional contacts.

Currently residing with my spouse’s parents in the UK, they rely on Virgin Media as their Internet Service Provider (ISP), utilizing a Hub 3 router. The device is set up with factory default settings, which means their Wi-Fi network name (SSID) and password are visible on a sticker affixed to the router.

Given the number of people now living in the household, the Hub 3 began to struggle under the demand. To alleviate this, I purchased a high-performance router intending to set the Hub 3 into modem mode for improved routing capabilities. However, I encountered an unexpected anomaly: my phone maintained a weak connection to the Virgin router, which was fully powered off.

Curious, I employed a Wi-Fi analyzer app to locate the strongest signal within the house. Surprisingly, I discovered that the back of the residence—especially my in-laws’ bedroom—boasted a remarkably strong connection from a mysterious access point. This was particularly bizarre, as my in-laws were adamant that no other access point existed in their home.

Delving deeper, I concluded that the internet connection was, in fact, emanating from the neighboring property. Upon further inspection, the connection was identified as coming from a TalkTalk router, distinctly different from the Virgin service my in-laws subscribe to.

What’s more, I conducted a WHOIS lookup and confirmed that the public IP address was indeed linked to a TalkTalk connection. The situation became even stranger when I realized that this access point was secured with my in-laws’ SSID and WPA2 password.

The neighboring house is a rental, consistently occupied by different tenants. It’s unclear how long this unauthorized access has been happening, but my in-laws have used the same credentials for approximately 2.5 years.

I speculated a few theories regarding how this could have occurred:

Possible Scenarios

Innocent Explanation:
1. Someone from the neighboring house may have originally obtained my in-laws’ Wi-Fi credentials through means like overhearing information, seeing the sticker through a window, or possibly brute-force attack.
2. This individual might have then shared the credentials with other residents, unaware that the connection was unauthorized.