AI.type virtual keyboard database hacked, data of 31 million users compromised

Share
AI.type virtual keyboard database hacked, data of 31 million users compromised

Personal data of 31,293,959 users of a popular virtual keyboard app, ai.type, has leaked online due to a misconfigured MongoDB database.

The database, which appeared to contain information exclusively from Android users, belonged to AI.type co-founder Eitan Fitusi.

Security experts from Kromtech Security Center who discovered the breach said the company's database wasn't secure with a password, meaning the data was easily accessible to hackers and anyone else who may have inadvertently stumbled across it.

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you're giving up with some apps. But as security researchers at Kromtech Security Center recently discovered, AI.type has not been adequately protecting its databases.

While it may have tens of millions of users all over the world, the app's developers failed to protect the database with a password, enabling anyone to access this database that is over 577 GB heavy. The server also stored precise location data about the user, including city and country.

Other records are significantly more detailed.

Perhaps most troubling for users of AI.type was the discovery of more than 8.6 million text entries that contained information typed on the keyboard app.

More complete records also include the device's IMSI and IMEI number, the device's make and model, its screen resolution, and the device's specific Android version.

We also found several tables of contact data uploaded from a user's phone. One of the leaked database tables includes 10.7 million email addresses from contact data. It's not clear for what reason the app uploaded email addresses and phone numbers of contacts on users' phones.

Numerous kinds of records of the app's users were available on the server.

It's not uncommon for keyboard apps to ask for wide-ranging permissions to access data on a user's device-and in many cases, users are willing to grant it because the keyboard is an essential tool. AI.type is no exception, with read access to contact data, text messages, photos and video access and other on-device storage, record audio, and full network access. 31 million users are said to be affected. Any text entered on the keyboard "stays encrypted and private", says the company.

More than six million records contained data collected from users' contact books including names, phone numbers and contacts saved or linked to Google account, researchers found. "This is a shocking amount of information on their users who assume they are getting a simple keyboard application", Kromtech wrote in a blog post published Tuesday (5 December).

"Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online", he told ZDNet.

Share

Advertisement

Related Posts

RBI holds repo rate at 6 percent, keeps 'neutral' stance
Dholakia had voted for a policy rate reduction of 25 basis points. "Core inflation is even firmer at 4.5-4.6 per cent". The central bank said it would track economic growth and inflation data, adding that risks to both "evenly balanced".

Ergen Steps Down as CEO
But then Ergen returned as CEO three years later following Clayton's retirement in March 2015. Dish spent $6.2 billion on wireless spectrum during an FCC auction earlier this year.

Kremlin says Putin not influenced by ex-Trump official Flynn
There is nothing fake about the news that President Donald Trump's former National Security Advisor, Lt. Russian Federation only went ahead and took retaliatory measures this summer.

Markus Jooste quits as Steinhoff CEO
The Steinhoff holding company is based in Amsterdam for tax reasons and has its primary listing on the Frankfurt stock exchange. Steinhoff's supervisory board has appointed its chairman, Christo Wiese, as executive chairman on an interim basis.

'House of Cards' to finish final season without Kevin Spacey
Many others have since come out against Spacey, and Netflix has been quick to distance themselves from the actor. Eric Roth - chief writer for House Of Cards' first four seasons - has been attached to the project.

British Columbia Investment Management Corp Holds Position in Priceline Grp INC (PCLN)
With 500 avg volume, 2440 days are for SEGA SAMMY HOLDINGS ORD (OTCMKTS:SGAMF)'s short sellers to cover SGAMF's short positions. The institutional investor purchased 139 shares of the business services provider's stock, valued at approximately $254,000.

London Mayor Sadiq Khan arrives in Pakisan
The London mayor reaches Lahore through Wahga border along with his 16-member delegation. Mr Khan who arrived in India earlier this week entered Pakistan through Wagah Border.

Pochettino provides update for crocked Tottenham star Wanyama
That is why they deserve it, they have the quality as well in the position that we are looking to try to help the team tomorrow. We've gone with the mentality that we want to show what we can do, and I think we've done that so far.

Zinke recommends shrinking Nevada monument
Zinke said, "The argument that somehow President Trump stole land is nefarious, false and a lie". Final action will be left up to the president.

Nike, Inc. (NYSE:NKE) Shares Sold by Wealthfront Inc
It dropped, as 82 investors sold NKE shares while 439 reduced holdings. 110 funds opened positions while 410 raised stakes. Following the completion of the sale, the director now owns 55,660 shares in the company, valued at $3,142,007.

© 2015 ExpressNewsline. All Rights reserved.