The "Ai.type" keyboard collected more data than needed: a database of 31 million users leaked into the network
577 gigabytes! information about users of the virtual keyboard "Ai.type", which was downloaded almost 40 million times, was available to anyone on the Internet. Initially, a startup company, and now an ordinary company responsible for developing the keyboard for Android and iOS, misconfigured the security of the MongoDB database, which (unfortunately) was available online. As a result, anyone who had access to the Internet could download or even delete the entire database. Kromtech Security Center informs about the incident.
Too many allowances
With mobile applications, they often require more allowances than they really need to operate. When the researchers installed Ai.type, they learned that they must allow the keyboard to access "all" information stored on the iPhone.
The leak of the database revealed how much data the company has been gathering since 2010 about its 31,293,959 clients. According to statistics, the Ai.type application has been downloaded in various languages about 40 million times from Google Play. The disclosed information included:
- phone numbers,
- first name and last name,
- device model,
- name of the cellular network,
- the numbers to which the SMS was sent,
- screen resolution,
- turned on languages,
- Android version,
- IMSI number,
- IMEI number,
- e-mail messages,
- home country,
- links and information related to social profiles, as well as photos from Google+, Facebook,
- location details,
Among these data were also books from phones with a total of 6 435 813 records, identifying other users, and thus:
- written names
- their phone numbers
In addition to the above, the database contained over 373 million records of other information that were downloaded from users' phones, including all contacts to third parties that were stored on the device or synchronized with a Google account.
If you have used the Ai.type virtual keyboard so far, please uninstall this spy software immediately.
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.