Popular Add-On Keyboard App Ai.Type Leaks 31 Million iOS And Android Users' Information

According to Kromtech Security Center as they discovered that MongoDB's database for collecting ai.type Keyboard user data was misconfigured, and was available on the internet. Contained in the database is reportedly "data and details of 31,293,959 users" of the ai.type keyboard.

The database included the personal details of 31,293,959 users who installed ai.type virtual keyboard.  Highly sensitive and identifiable information such as: Phone number, full name of the owner, device name and model, mobile network name, SMS number, links and the information associated with the social media profiles, photos, and much more!


To making the situation even worse, it appears 6.4 million records contained a gleaned from a user's Contacts, including names and phone numbers, leading to a total of 373 million records in the publicly available database. Other information in the database includes average messages per day, words per message, and ages of users.

Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online. This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user. It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices.

When user installed ai.type, the app will then asks for "Full Access." If permission is granted, the add-on keyboard can transmit absolutely anything typed through the keyboard to the developer. However, the company claims that it will never use personal information it collects, although they tells a different story about the data contained in the database - but doesn't deny that a database was available publicly for a period of time.

Founder Eitan Fitusi told BBC that the stolen information was a "secondary database." Additionally, he claims that the IMEI information was never collected by the company, user data collected only involves what ads are clicked by the user, and that the location data wasn't accurate. The Chief Executive claims that the database been secured since the breach.

Via AppleInsider, Image Credit 9to5Google

Post a Comment

Previous Post Next Post