AI.type virtual keyboard database hacked, data of 31 million users compromised

Share
AI.type virtual keyboard database hacked, data of 31 million users compromised

Personal data of 31,293,959 users of a popular virtual keyboard app, ai.type, has leaked online due to a misconfigured MongoDB database.

The database, which appeared to contain information exclusively from Android users, belonged to AI.type co-founder Eitan Fitusi.

Security experts from Kromtech Security Center who discovered the breach said the company's database wasn't secure with a password, meaning the data was easily accessible to hackers and anyone else who may have inadvertently stumbled across it.

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you're giving up with some apps. But as security researchers at Kromtech Security Center recently discovered, AI.type has not been adequately protecting its databases.

While it may have tens of millions of users all over the world, the app's developers failed to protect the database with a password, enabling anyone to access this database that is over 577 GB heavy. The server also stored precise location data about the user, including city and country.

Other records are significantly more detailed.

Perhaps most troubling for users of AI.type was the discovery of more than 8.6 million text entries that contained information typed on the keyboard app.

More complete records also include the device's IMSI and IMEI number, the device's make and model, its screen resolution, and the device's specific Android version.

We also found several tables of contact data uploaded from a user's phone. One of the leaked database tables includes 10.7 million email addresses from contact data. It's not clear for what reason the app uploaded email addresses and phone numbers of contacts on users' phones.

Numerous kinds of records of the app's users were available on the server.

It's not uncommon for keyboard apps to ask for wide-ranging permissions to access data on a user's device-and in many cases, users are willing to grant it because the keyboard is an essential tool. AI.type is no exception, with read access to contact data, text messages, photos and video access and other on-device storage, record audio, and full network access. 31 million users are said to be affected. Any text entered on the keyboard "stays encrypted and private", says the company.

More than six million records contained data collected from users' contact books including names, phone numbers and contacts saved or linked to Google account, researchers found. "This is a shocking amount of information on their users who assume they are getting a simple keyboard application", Kromtech wrote in a blog post published Tuesday (5 December).

"Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online", he told ZDNet.

Share

Advertisement

Related Posts

Markus Jooste quits as Steinhoff CEO
The Steinhoff holding company is based in Amsterdam for tax reasons and has its primary listing on the Frankfurt stock exchange. Steinhoff's supervisory board has appointed its chairman, Christo Wiese, as executive chairman on an interim basis.

Champions League roundup: Half of knockout round set
In their first H2H clash this season, The Magic One earned a well-deserved 2:1 victory at Baku National Stadium . Eusebio's side sit on eight points in Group C, two behind Chelsea in top spot, and trailed by Atleti in third.

Disney Reportedly Close To Buying X-Men Film Studio 20th Century Fox
However, no deal between Disney and Fox is imminent and several issues have yet to be fully negotiated, the sources said. In what could be a major shift in film and TV, Disney is reportedly in talks to buy most of 21st Century Fox .

Google Hiring Thousands of Moderators To Clean Up YouTube
The company is recruiting thousands of reviewers to reduce the amount of "problematic content" on its video platform. They also hope to increase use of machine learning to cut down on content that violates its video-sharing policies.

Naya Rivera again files for divorce from Ryan Dorsey
The Glee actress had previously filed for divorce in November 2016 , but she withdrew the application and they made peace. The filing took place one week after Dorsey told 911 that Rivera had hit him while he was taking their son for a walk.

Public visitation Wednesday for Mariah Woods; memorial fund established
Payments should be made out to "The Mariah Woods Fund". "We will not discuss any details related to the homicide investigation". State arrest records show that Kimrey had previously been charged with larceny, assault, and drunk and disorderly conduct.

Kremlin says Putin not influenced by ex-Trump official Flynn
There is nothing fake about the news that President Donald Trump's former National Security Advisor, Lt. Russian Federation only went ahead and took retaliatory measures this summer.

Latest Newcastle United takeover update will frustrate fans
Mike Ashley will not New accept Amanda Staveley's offer of £250million for Newcastle United , Sportsmail understands. The offer of £250m was made last week, but Ashley is yet to respond to the rumored two-week deadline set by Staveley.

Saudi Crown Prince voted Time person of the year
Saudi Arabia's Crown Prince, Mohammed bin Salman, has rejected as "ludicrous" analysts' suggestions the anti-corruption campaign was a power grab.

Zinke recommends shrinking Nevada monument
Zinke said, "The argument that somehow President Trump stole land is nefarious, false and a lie". Final action will be left up to the president.

© 2015 ExpressNewsline. All Rights reserved.