Keyboard application compromised personal data of 31 million users

06.12.2017

ai-type-keyboard-data-breach

 

A team of cybersecurity specialists at the Kromtech Security Center has discovered a huge amount of personal data belonging to more than 31 million users of the popular virtual keyboard application, AI.type, accidentally leaked online for anyone to download without requiring any password.

Founded in 2010, Ai.type is a personalizable on-screen keyboard for mobile phones and tablets with more than 40 million users worldwide.

A misconfigured MongoDB database, owned by AI.type, has exposed their entire 577 GB of the database online that includes a shocking amount of sensitive details on their users, which is not even necessary for the application to work.

The leaked database includes the following data of over 31 million users:

  • Full name, phone number, and email address
  • Device name, screen resolution and model details
  • Android version, IMSI number, and IMEI number
  • Mobile network name, country of residence and even enabled languages
  • IP address (if available), along with GPS location (longitude/latitude).
  • Links and the information associated with the social media profiles, including birth date, emails, photos

 

Ai-type-data-breach

 

"When researchers installed Ai.Type they were shocked to discover that users must allow 'Full Access' to all of their data stored on the testing iPhone, including all keyboard data past and present," the experts said.

In addition, the leaked database also reveals that the virtual keyboard application steals users' personal contact books, including the names and phone numbers of their contacts, and has already stolen more than 373 million records.

Would you like to comment on this article? 

Share

Latest news

15.12.2017

Hacker removed malware from Netgear site, the company failed to do so for 2 years

An anonymous hacker has removed malware from a Netgear site after the company failed to clean up a malware infection for more than two years.

15.12.2017

Hacker robbed church in Northern Ireland

The hacker told the priest that the church computer should be remotely accessible to fix an internet problem.

15.12.2017

Synaptics to remove keylogger from its drivers

The company has decided to remove the keylogger functionality from its products.

Sign up for our online newsletter!