Keyboard maker AI.type exposes 31M customer records in latest database breach

Keyboard maker AI.type exposes 31M customer records in latest database breach

Ai.Type failed to secure a 577GB database that contained personal information of millions of virtual keyboard app users, including contacts and keystrokes.

Ai.type's founder Eitan Fitusi told The Register that the MongoDB database had been secured once Kromtech had reported the issue and that the archive only contained around half of the firm's database information.

Ai.type's own figures state that the app has been downloaded about 40 million times on the Google Play store since its launch in 2010.

But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data.

The data leak, according to the researchers, only affects the app on Android and not iOS, so iPhone users can keep feeling smug.

Data including phone numbers, a user's name, their device name and model, network name, screen resolution, user language and Android version are reportedly compromised - as well as extraordinary details that many user's likely never knew the app could see. The server also stored precise location data about the user, including city and country.

ZDNet who obtained a portion of the database to verify the information collected by the servers made a few scarier revelations to the breach. Those that logged into the app using a Google profile also had their information scraped, revealing email addresses, dates of birth, gender and even profile photos. The server has since been secured, but Fitusi did not respond when we asked for comment. More specifically it collected device IMSI and IMEI numbers, device makes and models, phone screen resolutions, phone numbers, the names of cell phone providers, IP addresses, internet providers, and Android version numbers.

More news: Citing volatile value, Steam drops Bitcoin support

The seven-year-old company also claims that anything typed using its keyboards "stays encrypted and private".

It doesn't stop there as the app also seemingly had access to a user's contacts. If that wasn't enough data for the keyboard to mine, security researchers added that "there was a range of other statistics" including the most popular users' Google queries for different regions.

Nearly 6.5 million records also contained data collected from users' contact books, including names (as entered originally) and phone numbers, in total more than 373 million records scraped from registered users' phones, which include all their contacts saved/synced on linked Google account.

"Once again, a reckless software vendor has carelessly left its users' sensitive data available for anyone to grab", says Graham Cluley, a cybersecurity expert to GearBrain.

For its part, AI.type says on its website that user's privacy "is our main concern".

"This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", he rightly pointed out.

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices", he added. However, he outlined that most of the data was insensitive.

Related Articles

  • NNPC Reveals Fuel Price Increase Not On The Cards

    NNPC Reveals Fuel Price Increase Not On The Cards

    Marafa however noted that the NNPC already issued statements informing that there is no need for panic buying. They could no longer get from NNPC's depots, now they are accusing us.
    Doctors say no to sport in Delhi as cricketers choke in smog

    Doctors say no to sport in Delhi as cricketers choke in smog

    The tribunal also condemned the Delhi government for not filing any action plan to curb air pollution in the National Capital. Sri Lanka and India play their third and final Test which ended on Wednesday at the Feroz Shah Kotla stadium .
    Dallas County Sheriff to officially run for Texas Governor

    Dallas County Sheriff to officially run for Texas Governor

    But Mark Jones of Rice University's Baker Institute said White does have a path to the nomination. She'll be an underdog in Texas, which hasn't elected a Democrat to a statewide office since 1994.
  • Sexual harassment lawsuit filed against CFL Hall of Famer Warren Moon

    Sexual harassment lawsuit filed against CFL Hall of Famer Warren Moon

    The full lawsuit, which was obtained by USA Today , made multiple allegations of sexual harassment against Moon. He is now ninth-all time in passing yards, and was elected to the Pro Football Hall of Fame in 2006 .
    TVS Apache RR310 launched in India at Rs2.05 lakh

    TVS Apache RR310 launched in India at Rs2.05 lakh

    The Apache RR 310 will be available in two shades - red and matte black. "We are looking to sell 10,000 bikes in the first year". The TVS Apache RR 310 sports a fully-faired, sporty design with superior ergonomics to ensure maximum ride comfort.
    Man United among Champions League last 16

    Man United among Champions League last 16

    On current form PSG is probably the last team we'd want to draw, and we'd probably pick Basel over Roma if given the choice. Placing five teams in the Champions League knockout rounds (nearly a third of the participants) is an outstanding feat.
  • Willie Taggart says coaching at Florida State is his 'dream job'

    Willie Taggart says coaching at Florida State is his 'dream job'

    He also said he doesn't see Florida State's 6-6 year as a sign it's in a rebuilding phase - but rather a "realignment". He said Wednesday that when he got the call about Florida State's interest, it was a "dream come true" for him.
    Destiny 2 Curse of Osiris: How to Start Heroic Adventures

    Destiny 2 Curse of Osiris: How to Start Heroic Adventures

    Destiny 2's Curse of Osiris DLC launched yesterday, providing a fresh selection of new content for Bungie's sci-fi shooter. What's ironic is that many hardcore Destiny players have been calling for a lower time-to-kill (TTK) in PvP.
    Steve Alford Says He Was 'Surprised' LiAngelo Ball Left UCLA Basketball Team

    Steve Alford Says He Was 'Surprised' LiAngelo Ball Left UCLA Basketball Team

    Trump said in a tweet that he "should have left them in jail", because of Ball's words about the president. Alford said neither LaVar nor LiAngelo spoke to him about the decision to quit the team and leave school.
  • Huawei P11 camera specs leak

    Huawei P11 camera specs leak

    The ads were posted by known mobile tipster Evan Blass, who claims they're from a creative agency that works with Huawei . Now new reports have surfaced online that Huawei may launch a photography-centric smartphone series in the coming weeks.
    Russian Federation  voices regret at Olympic ban

    Russian Federation voices regret at Olympic ban

    Whether or not they compete under their own flag, ski jumping and Nordic combined seem unlikely to result in any medals for Russians.
    Kim Jong-un Appears in Public Amid S.Korea-US Drills

    Kim Jong-un Appears in Public Amid S.Korea-US Drills

    The combined B-1 and F-22 drill represents a step up in the normal tit-for-tat between the United States and North Korea . While the USA military aircraft conducted simulated strikes, the South Korean warplanes actually dropped MK-82 bombs.