AI.type virtual keyboard database hacked, data of 31 million users compromised

Adjust Comment Print

AI.type, a popular virtual keyboard app available for iPhone and Android smartphones, was discovered to have leaked personal information belonging to a large portion of its more than 40 million users.

While AI.type says the database has since been secured, the report is still incredibly damning, specifically relating to the app's collection of seemingly critical information. As per the report, the server was left unsecured without a password allowing access to the company's user database. This also exposed just how much data they access and how they obtain a treasure trove of data that average users do not expect to be extracted or datamined from their phone or tablet. Cybersecurity firm Kromtech Security Center discovered that a 577MB Mongo-hosted database containing the details of 31,293,959 users was exposed to anyone with an internet connection.

Each record contains a basic collected data, including the user's full name, email addresses, and how many days the app was installed. The data also included links to and information about social media sites accessed by customers, though notably it didn't include passwords. It also slurped 373 million names and phone numbers from the contacts of over six million users. The data was only secured after several attempts to contact Fitusi, who acknowledged the security lapse this weekend. If that wasn't enough data for the keyboard to mine, security researchers added that "there was a range of other statistics" including the most popular users' Google queries for different regions. One of the leaked database tables includes 10.7 million email addresses from contact data. In some cases, there's even specific details from the user's Google profile, including birth dates, genders, and profile pictures. Some of the records, however, are far more significant and include phone numbers and IP addresses.

Interestingly, AI.type says on its website that user privacy "is our main concern", and that any text entered on the keyboard "stays encrypted and private". ZDNet said it also uncovered the contact details from user's address books. "This is a shocking amount of information on their users who assume they are getting a simple keyboard application", Kromtech wrote in a blog post published Tuesday (5 December).

Amazon to launch Prime membership for Singapore, ends free shipping for non-members
Members will enjoy a host of facilities, including access to video streaming and free gaming services such as Twitch Prime . Customers who make orders above SGD60 using the Prime Now mobile app will not have to pay global shipping fees.

'Some want to sell the data they collect, others use it for targeted marketing, predictive artificial intelligence, and cyber criminals want to use it to make money in more and more creative ways.

Now it's worth pointing out that the ai.type Keyboard app does note that it'll suck up data and requires permissions to the user's mobile contacts database, though it points out that "all information is locally stored on smartphone's vocabulary".

Alex Kernishniuk, VP of strategic alliances, Kromtech said: "This is once again a wakeup call for any company that gathers and stores data on their customers to protect, secure, and audit their data privacy practices".