Millions caught in virtual keyboard app data breach

Millions caught in virtual keyboard app data breach

Millions caught in virtual keyboard app data breach

Case in point: popular Android keyboard AI.type leaked the personal data for more than 31 million users because it allegedly didn't protect one of its online databases with a password.

The app, AI.type, stored its data on a server owned by company co-founder Eitan Fitusi.

Researchers had attempted to contact the company behind AI.type on multiple occasions but it wasn't until this past weekend that they finally acknowledged it. AI.type says it has now secured the database, and that the leak didn't impact AI.type's nine million iOS users.

It included phone numbers, full names, device name and model, mobile network, SMS number, IMSI and IMEI numbers, email addresses, country of residence, social media links and location data for each customer.

Available on iOS and Android, AI.type is a keyboard app which has around 40 million users that offers both a free and paid for version. In some cases, there's even specific details from the user's Google profile, including birth dates, genders, and profile pictures.

Other than the worry that a dodgy keyboard app could be logging your every keystroke and sending it off to some suspect third-party, you'd hope something as straightforward as typing was worry free. MongoDB is a common platform used by many well-known companies and organizations to store data, but a simple misconfiguration could allow the database to be easily exposed online.

May to reconvene Brexit talks with European Union this week
The EU estimated at some 60 billion euros ($71 billion) what Britain should pay to cover outstanding obligations on leaving.

'Westworld,' Among Other TV Shows, Shuts Down Production Amid So Cal Wildfires
A Santa Clarita Studios employee told Deadline this morning that the facility's internet was down, apparently because of the fire. Nobody from the show seems to be in danger, although there's no saying when production will be able to resume.

Amanpour to help fill Charlie Rose gap on PBS
Beginning on Monday in New York, PBS and WNET announced Amanpour on PBS will air at 11 p.m. PBS cut ties with Rose after several women accused him of unwanted sexual advances.

In total, the database contained more than 10.7 million email addresses and 374.6 million phone numbers, suggesting the app accessed the contacts of its users and uploaded that information to its database. "This also exposed just how much data they access and how they obtain a treasure trove of data that average users not do expect to be extracted or data-mined from their phone or tablet".

Several tables contained lists of each app installed on a user's device, such as banking apps and dating apps.

Interestingly, AI.type says on its website that user privacy "is our main concern", and that any text entered on the keyboard "stays encrypted and private". Android will warn users that keyboards "may be able to collect all the text that you type, including personal data like passwords and credit card numbers".

ZDNet's report found, however, that the company had collected more than 8.6 million text entries collected from the keyboard, including phone numbers, web search terms, and concatenated emails and passwords.

"Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online". "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", Bob Diachenko of the Kromtech Security Center said.

"It is clear that data is valuable and everyone wants access to it for different reasons", Alex Kernishniuk, VP of strategic alliances at Kromtech, said.

Latest News