discovered that personal information from around 31 million users have been leaked online due to a security vulnerability in the popular smartphone keyboard app Ai.type. The data was found online and can be accessed by anyone without a password.
Via The Hacker News:
Founded in 2010, Ai.type is a customizable and personalizable on-screen keyboard for mobile phones and tablets, with more than 40 million users worldwide.
Apparently, a misconfigured MongoDB database, owned by the Tel Aviv-based startup AI.type, exposed their entire 577 GB of the database online that includes a shocking amount of sensitive details on their users, which is not even necessary for the app to work.
"...they appear to collect everything from contacts to keystrokes."If you are an Ai.type user, it's already too late, but I'd still uninstall it if I were you...
The leaked database of over 31 million users includes:
- Full name, phone number, and email address
- Device name, screen resolution and model details
- Android version, IMSI number, and IMEI number
- Mobile network name, country of residence and even user enabled languages
- IP address (if available), along with GPS location (longitude/latitude).
"When researchers installed Ai.Type they were shocked to discover that users must allow 'Full Access' to all of their data stored on the testing iPhone, including all keyboard data past and present," the researchers say.
- Links and the information associated with the social media profiles, including birth date, emails, photos.