Data-slurping keyboard app makes Mongo mistake with user data

Popular virtual keyboard app leaks 31 million users personal data

Inc. All rights reserved. This material may not be published broadcast rewritten or redistributed

Third-party Android and iOS keyboard ai-type is at the center of something of a privacy nightmare after a misconfigured database leaked the personal details of more than 31 million of its users.

The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world. Eventually the data contained on the server was secured and AI.type acknowledged that a security breach had occurred over the past weekend.

It seems that users who downloaded the freemium version of Ai.type had more data exposed than those with the paid version as the free one collects more information from devices.

For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures. Not only do they tend to offer more features over the stock keyboard shipping on most smartphones, but in some cases, they provide better auto-correct and prediction technology than the first-party alternatives.

Among the compromised data are dates of birth, email addresses, passwords and information from their Google accounts, as well as all the actual text typed using the keyboard.

Eminem 'Revival' Features Ed Sheeran, Beyonce, Pink
He said the rap titan then flew to NY to meet with him where they spent eight hours recording a new track. "Yeah, it's raw as fuck, man".

Ai.Type helped itself (once given permission by the user, often without a second thought) to the phone's IMEI number, as well as links to the user's social media pages and profile images, their exact location in real-time, along with every contact stored on their device.

While many of those details amount to basic records, the database also house records that revealed more sensitive information about users.

The researchers claimed data left visible included names, phone numbers, locations and Google queries. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. Any text entered on the keyboard "stays encrypted and private", says the company.

ZDNet's report found, however, that the company had collected more than 8.6 million text entries collected from the keyboard, including phone numbers, web search terms, and concatenated emails and passwords.

Bob Diachenko, from the Kromtech Security Centre, part of security company Mackeeper, said the amount of data required by the app at point of download was "shocking".

Bengaluru: Ola Driver masturbates in front of passenger on board
The woman passenger who was shocked says it was only after she continued shouting for help that the Uber driver stopped. An Ola cab driver allegedly molested a woman in Bengaluru while she was going home, according to PTI.

"It is clear that data is valuable and everyone wants access to it for different reasons", Alex Kernishniuk, VP of strategic alliances at Kromtech, said.

"This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", he added.

Ai.type uses artificial intelligence to help users type faster and more accurately.

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices".

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Mueller has spent $3.2M on Russian Federation investigation
The report covers from May 17, the date of Mueller's appointment, through September 30, the end of the federal fiscal year. Though Mueller's investigation is not yet a year old, his team of prosecutors have made significant moves.

Latest News