Recently there has been a massive data breach that exposed millions of people. Upon installing the Ai.Type keyboard the application requested full access to your phone which recorded every letter or number you typed. Why would a keyboard and emoji application need to gather the entire data of the user’s phone or tablet? Great question.
Tuesday, December 5th, a security shop known as kromtech released details on a MongoDB database it found unsecured on the internet. The database had 577 gigabytes of user data collected from the app called AI.type. According to researchers, the app only leaked android users info so you iPhone users can feel a little safer.
According to the KromTech Security Center, the AI.type server had been using a mongo-hosted database that’s used by many well-known companies, but a simple misconfiguration could lead to a huge data breach. “It is clear that data is valuable and everyone wants access to it for different reasons,” said Alex Kernishniuk, VP of strategic alliances at Kromtech.
While it could have possibly had tens of millions of peoples data all over the world, the app developers failed to protect their database with a password. Anyone that had the direct URL could have used it to access the massive trove of stored data.
KromTech added that over 6 million records also contained data from people’s contact books. For a short time, more than 373 million records of contacts saved/synced on their linked google accounts were available to the public. A large portion of the records also contained phone numbers, full names, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number, IMEI number , emails associated with the phone, country of residence, links and the information associated with the social media profiles including birthdates and photos, IP, and location details.
AI.type also states that it will “never share your data or learn from password fields” but, as ZDNet highlights, there was a table with 8.6 million entries of sensitive information logged and stored via the keyboard. Interestingly, the free version of AI.type was found to have collected more data than the paid version.