AI.type virtual keyboard database hacked, data of 31 million users compromised

Share
AI.type virtual keyboard database hacked, data of 31 million users compromised

Personal data of 31,293,959 users of a popular virtual keyboard app, ai.type, has leaked online due to a misconfigured MongoDB database.

The database, which appeared to contain information exclusively from Android users, belonged to AI.type co-founder Eitan Fitusi.

Security experts from Kromtech Security Center who discovered the breach said the company's database wasn't secure with a password, meaning the data was easily accessible to hackers and anyone else who may have inadvertently stumbled across it.

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you're giving up with some apps. But as security researchers at Kromtech Security Center recently discovered, AI.type has not been adequately protecting its databases.

While it may have tens of millions of users all over the world, the app's developers failed to protect the database with a password, enabling anyone to access this database that is over 577 GB heavy. The server also stored precise location data about the user, including city and country.

Other records are significantly more detailed.

Perhaps most troubling for users of AI.type was the discovery of more than 8.6 million text entries that contained information typed on the keyboard app.

More complete records also include the device's IMSI and IMEI number, the device's make and model, its screen resolution, and the device's specific Android version.

We also found several tables of contact data uploaded from a user's phone. One of the leaked database tables includes 10.7 million email addresses from contact data. It's not clear for what reason the app uploaded email addresses and phone numbers of contacts on users' phones.

Numerous kinds of records of the app's users were available on the server.

It's not uncommon for keyboard apps to ask for wide-ranging permissions to access data on a user's device-and in many cases, users are willing to grant it because the keyboard is an essential tool. AI.type is no exception, with read access to contact data, text messages, photos and video access and other on-device storage, record audio, and full network access. 31 million users are said to be affected. Any text entered on the keyboard "stays encrypted and private", says the company.

More than six million records contained data collected from users' contact books including names, phone numbers and contacts saved or linked to Google account, researchers found. "This is a shocking amount of information on their users who assume they are getting a simple keyboard application", Kromtech wrote in a blog post published Tuesday (5 December).

"Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online", he told ZDNet.

Share

Advertisement

Related Posts

Public visitation Wednesday for Mariah Woods; memorial fund established
Payments should be made out to "The Mariah Woods Fund". "We will not discuss any details related to the homicide investigation". State arrest records show that Kimrey had previously been charged with larceny, assault, and drunk and disorderly conduct.

'House of Cards' to finish final season without Kevin Spacey
Many others have since come out against Spacey, and Netflix has been quick to distance themselves from the actor. Eric Roth - chief writer for House Of Cards' first four seasons - has been attached to the project.

Zinke recommends shrinking Nevada monument
Zinke said, "The argument that somehow President Trump stole land is nefarious, false and a lie". Final action will be left up to the president.

Pochettino provides update for crocked Tottenham star Wanyama
That is why they deserve it, they have the quality as well in the position that we are looking to try to help the team tomorrow. We've gone with the mentality that we want to show what we can do, and I think we've done that so far.

Ford sets ambitious goals in China
Auto manufacturers may also find consumers who are more willing to make the switch from gas to electric-powered vehicles. The move comes as Ford tries to become more competitive globally under new CEO Jim Hackett .

Nike, Inc. (NYSE:NKE) Shares Sold by Wealthfront Inc
It dropped, as 82 investors sold NKE shares while 439 reduced holdings. 110 funds opened positions while 410 raised stakes. Following the completion of the sale, the director now owns 55,660 shares in the company, valued at $3,142,007.

Kremlin says Putin not influenced by ex-Trump official Flynn
There is nothing fake about the news that President Donald Trump's former National Security Advisor, Lt. Russian Federation only went ahead and took retaliatory measures this summer.

CIBC Asset Management Inc Sells 8743 Shares of Cypress Semiconductor Corporation (CY)
The fund owned 44,400 shares of the semiconductor company's stock after buying an additional 43,100 shares during the quarter. The Altman Z-score depends on five financial ratios that can be calculated from data found on a company's annual 10K report.

Disney Reportedly Close To Buying X-Men Film Studio 20th Century Fox
However, no deal between Disney and Fox is imminent and several issues have yet to be fully negotiated, the sources said. In what could be a major shift in film and TV, Disney is reportedly in talks to buy most of 21st Century Fox .

London Mayor Sadiq Khan arrives in Pakisan
The London mayor reaches Lahore through Wahga border along with his 16-member delegation. Mr Khan who arrived in India earlier this week entered Pakistan through Wagah Border.

© 2015 ExpressNewsline. All Rights reserved.