Keyboard maker AI.type exposes 31M customer records in latest database breach

Share

The app, available on both Android and iOS, has over 40 million users across the world.

Bizarrely, only Android users are affected by the breach, presumably because iOS user information is stored on a separate server database. The database contained the full name and email address of each user, as well as information about how many days the app had been installed on their device.

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?" wrote Diachenko in the report.

The files were stored in a MongoDB database that was configured so that anyone online could access it. Researchers at Kromtech Security Center discovered the problem and notified Ai.Type last month.

The database, which appeared to contain information exclusively from Android users, belonged to AI.type co-founder Eitan Fitusi. The server has since been secured, but Fitusi did not respond when we asked for comment.

Mourinho praises Shaw in first start of season
The former Southampton star knows he must play first-team football if he is to stand any chance of making the World Cup squad. Given Shaw has yet to start a Premier League match for United this season, there has been speculation about a transfer.

So pretty much the promise of privacy, which ai.type outlines on its website has appeared to have a strong whiff of BS.

And the app touts privacy as a big focus, noting that text tapped into the keyboard is private and encrypted.

The app offers themed keyboards for phones and tablets. This is a shocking amount of information on their users who assume they are getting a simple keyboard application, ' they added. At this point, Kromtech warns that anyone who had ever downloaded and installed ai.type keyboard should consider their data out in the open.

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products", the company said in its blog post.

When researchers installed Ai.Type they were shocked to discover that users must allow "Full Access" to all of their data stored on the testing iPhone, including all keyboard data past and present. It also reflects how much information app developers are collecting from users without letting such users know what they intend to do with such data. The data also contained information around user's precise location, including city and country.

PM Modi to address BJP's SC-ST members in Gujarat tomorrow
Ahead of the rally, Narendra Modi tweeted that he would be addressing rallies in Dhandhuka, Dhaod, and Netrang in Gujarat. Mr Sharma said BJP is not fighting these elections on the basis of development because they have failed on that front.

It seems that users who downloaded the freemium version of Ai.type had more data exposed than those with the paid version as the free one collects more information from devices. Accompanying the numbers were the make and model of the device, its screen resolution and the version of Android it was running. If the user's device was connected to a Wi-Fi network, the app also leaked the IP address of the device and the internet provider of the network. In particular he denied that IMEI information was collected, said the collected geo-location data was not accurate, and pointed out that user behavior data was only collected from ads that were clicked.

For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures.

ZDNet said it also found several tables of contact data uploaded from a user's phone, one with 10.7 million email addresses and another with 374.6 million phone numbers.

'It is clear that data is valuable and everyone wants access to it for different reasons.

'Some want to sell the data they collect, others use it for targeted marketing, predictive artificial intelligence, and cyber criminals want to use it to make money in more and more creative ways.

Plot to kill British Prime Minister May foiled
Earlier this week a spokesperson for Ms May said British authorities had foiled nine terrorist plots in the last 12 months. The same report found that the ringleader of the June London Bridge attack was actively under investigation at the time .

Share