Ai.type keyboard app ‘leaked 31 million people’s details’
Published On: December 7, 2017
The Kromtech Security Center, part of MacKeeper, has found that the details of more than 31 million users of an add-on smartphone keyboard have been leaked online.
According to the firm, the MongoDB database used to collect data on Ai.type keyboard users was misconfigured, leaving the “data and details” of millions of people publicly available online.
MongoDB is a common platform used by companies to store data. However, a simple misconfiguration could mean that the database is then exposed online. A significant flaw is that the default settings of a MongoDB database allow anyone with an internet connection to browse the databases, download them, or even – in the worst cases – delete the data stored on them.
The app is available from both the Apple App Store and the Google Play Store.
Bob Diachenko, chief communications officer at the Kromtech Security Center, wrote in a blog post: “Consumers give up more data than ever before in exchange for using services or applications. The scary part is that companies collect and use their personal data in ways they may not know.”
He also questioned why a “keyboard and emoji application” would need to gather all the data of the user’s phone or tablet. Mr Diachenko revealed that based on the leaked database, the app collected “everything from contacts to keystrokes”.
According to the Kromtech Security Center, this leak has exposed exactly how much data the app accessed and how the firm behind it obtained “a treasure trove” of data that the average user would not expect to be extracted from their device.
The data accessed includes – but is not limited to – phone numbers, users’ full names, device names and models, location details, screen resolutions, user languages enabled, IMEI number (a unique number given to every single mobile phone), emails associated with the phone and country of residence.