May 27, 2018

Privacy: Popular ai.type keyboard leaks personal details of 31 million users

07 December 2017, 07:17 | Lucia Cruz

Millions caught in virtual keyboard app data breach

Popular Keyboard App with Tens of Millions of Downloads Leaks Data of Its 31 Million Users

On Tuesday security shop Kromtech released details on a MongoDB database it found unsecured online containing 577GB of data collected by predictive keyboard app AI.type from its over 31 million users. These apps are installed over 1.5 million times per month, Ai.Type boasts on its website.

As well as email addresses, the data also includes full names, exact locations, SIM card numbers and unique IMEI and IMSI numbers and also details of mobile network providers and which version of Android is being used.

While the database discovered to be leaking information collected by AI.type has been secured, the app itself is still collecting the same data.

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?"

Bob Diachenko from the Kromtech Security Centre, a part of security company Mackeeper, highlighted the data access asked by the app at the time of installation was "shocking".

For now, the possibility that anyone who download the keyboard apps had all of their phone data exposed publicly online is a "logical" thought, adds Kromtech's Diachenko.

Kromtech said it found no signs that malicious actors ever accessed the exposed files, but hackers have been on the hunt for vulnerable MongoDB databases, wiping them, and demanding a ransom.

Pope urges respect for Jerusalem status quo
It quickly annexed it, declaring the whole of the city as its capital in a move which has not been recognised internationally. Pope Francis called on President Donald Trump to respect the "status quo" and not move the USA embassy to Jerusalem.

"This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", he rightly pointed out.

However the boss of Ai.Type, whilst he admitted the breach, said that most of the data was not sensitive.

Reports suggest that the data in question, which has been verified by ZDNet, includes full names and email addresses of Ai.type users, as well as dates showing when the cross-platform app was installed. User data from a folder titled "old database' that contained 753,456 records too said to be available online". Except with the wide-ranging permissions keyboards have on Android, including the option to read text messages, view photos and videos and even record audio, combined with the fact that it didn't store user data in a secure storage, you have to wonder just how accurate that is.

Fitusi did confirm that the database has now been shut down and he reportedly said he was "confident" about the company's security. Users of the app may want to think twice about typing any sensitive information while using the app, as it is likely to be sucked up and stored in a server.

Mark James, security specialist at ESET, said the start-up's collection of such a wide range of data was unacceptable.

"Sadly your only choice is do you or don't you want to install it; if the answer is yes then you have accept all the conditions often without realising exactly what it entails; in this case, the amount of data being sent to an unknown uncontrollable server is staggering".

For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures. "The database was not configured correctly and thus enabled full access from the internet to all the data being held, making it essentially free for all access", he added.

Other News

Trending Now

New contract for Roger Goodell has been signed
All 32 owners unanimously granted the Compensation Committee permission in May to negotiate an extension with Goodell. Goodell has earned more than $200 million since he was elected National Football League commissioner in 2006.

Russia's Putin: I never demanded victory at Sochi Olympics
Putin himself had suggested it would be "humiliation" for Russian athletes to compete without their national symbols. Medals are potentially possible in other disciplines such as big air or snowboard cross.

UCLA coach Alford surprised by LiAngelo Ball leaving school
It's about what I can control. "If you're looking for one word, maybe it's surprised because it's nothing that we saw coming". In the tweet, Trump criticized Ball as being ungrateful of what he did for his son and the two other freshmen.

Margot Robbie recalls how her mother was almost strangled by a python
However, after recovering in time for the Winter Olympics, she won the silver medal, with Harding coming eighth. Check out another cute snap below! Both Margot and Tonya wore open-toe, black stilettos.

Angels acquire $1 million in worldwide slot money from the Twins
Banuelos, 21, hit.236 with four home runs in 36 games for the Class A Everett (Wash.) AquaSox after signing in July. They were not among the teams invited to meet with Ohtani, so they didn't have as much use for the extra money.

Artist Lubaina Himid wins 2017 Turner Prize
The jury also acknowledged her role as an influential curator and educator who continues to speak urgently to the moment. The jury admired Himid's expansive and exuberant approach to painting which combines satire and a sense of theatre.

Eminem 'Revival' Features Ed Sheeran, Beyonce, Pink
He made a huge impact when he gutted President Trump during the BET Hip-Hop Awards in his freestyle a capella number "The Storm". The band's also featured on the song "Wicked Ways", which appears on the deluxe version of 2013's The Marshall Mathers LP 2 .

Alice in Winterland postponed due to John Mayer's emergency surgery
All tickets for the December 5 show will be honored for the rescheduled date. Ticketholders can get refunds at the point of purchase. Mayer, 40, is expected to make a complete recovery.

Yemen rebels disperse protests demanding slain leader's body
Residents reported heavy bombing, and a United Nations official said at least 25 airstrikes hit the city over the past 24 hours. In a televised speech, Yemeni President Abd-Rabbu Mansour Hadi called on Yemenis to rise up against the Iran-aligned Houthis.

Osmania University Students Protest After Student Hangs Himself in Hostel
Doulapur is located in Siddipet district, within the Gajwel constituency, which is represented by Chief Minister K. Things took an ugly turn when the police apparently took action on students within the campus itself.