Keyboard maker AI.type exposes 31M customer records in latest database breach

Share

The app, available on both Android and iOS, has over 40 million users across the world.

Bizarrely, only Android users are affected by the breach, presumably because iOS user information is stored on a separate server database. The database contained the full name and email address of each user, as well as information about how many days the app had been installed on their device.

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?" wrote Diachenko in the report.

The files were stored in a MongoDB database that was configured so that anyone online could access it. Researchers at Kromtech Security Center discovered the problem and notified Ai.Type last month.

The database, which appeared to contain information exclusively from Android users, belonged to AI.type co-founder Eitan Fitusi. The server has since been secured, but Fitusi did not respond when we asked for comment.

Is Eminem Releasing A Surprise 'Revival' Double Album Next Week?
Ed Sheeran among its guest performers, and you can expect the presence of that last name to seriously divide opinion. So the floppy " Walk on Water " will have to do.

So pretty much the promise of privacy, which ai.type outlines on its website has appeared to have a strong whiff of BS.

And the app touts privacy as a big focus, noting that text tapped into the keyboard is private and encrypted.

The app offers themed keyboards for phones and tablets. This is a shocking amount of information on their users who assume they are getting a simple keyboard application, ' they added. At this point, Kromtech warns that anyone who had ever downloaded and installed ai.type keyboard should consider their data out in the open.

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products", the company said in its blog post.

When researchers installed Ai.Type they were shocked to discover that users must allow "Full Access" to all of their data stored on the testing iPhone, including all keyboard data past and present. It also reflects how much information app developers are collecting from users without letting such users know what they intend to do with such data. The data also contained information around user's precise location, including city and country.

Rye Fire burns 500 acres in Santa Clarita area; 5 Fwy closed
Homes along Rye Canyon Loop, the Westridge housing community, and the Valencia Travel Village RV park were ordered to evacuate.

It seems that users who downloaded the freemium version of Ai.type had more data exposed than those with the paid version as the free one collects more information from devices. Accompanying the numbers were the make and model of the device, its screen resolution and the version of Android it was running. If the user's device was connected to a Wi-Fi network, the app also leaked the IP address of the device and the internet provider of the network. In particular he denied that IMEI information was collected, said the collected geo-location data was not accurate, and pointed out that user behavior data was only collected from ads that were clicked.

For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures.

ZDNet said it also found several tables of contact data uploaded from a user's phone, one with 10.7 million email addresses and another with 374.6 million phone numbers.

'It is clear that data is valuable and everyone wants access to it for different reasons.

'Some want to sell the data they collect, others use it for targeted marketing, predictive artificial intelligence, and cyber criminals want to use it to make money in more and more creative ways.

The pots for Champions League last 16, first and second leg dates
Manchester United , Manchester City , Liverpool and Spurs all topped their groups, while Chelsea came second. Group winners are drawn against second place sides and play away first, with the second legs at home.

Share