This is bad: Huge security gaffe on popular keyboard app exposes private data of 31 million users


More than 31 million users of the popular keyboard app AI.type have had their private data leaked online, all because of a jaw-droppingly bad and quite unbelievable security gaffe.

Among the compromised data are dates of birth, email addresses, passwords and information from their Google accounts, as well as all the actual text typed using the keyboard.

Available on iOS and Android, AI.type is a keyboard app with around 40 million users that comes in both free and paid-for versions.

Security experts from Kromtech Security Center, who discovered the breach, said the company’s database wasn’t secured with a password, meaning the data was easily accessible to hackers and anyone else who may have inadvertently stumbled across it.

Speaking to ZDNet, Bob Diachenko from Kromtech said: “Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online.

“This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user,” he added.

Around 577 GB of data was exposed online, although only Android users are thought to be affected.

As well as email addresses, the data includes full names, exact locations, SIM card numbers, unique IMEI and IMSI numbers, details of mobile network providers and the version of Android in use.

And if that wasn’t bad enough, in some cases the exposed data also included IP addresses, phone numbers, internet providers and Google account information, which in turn reveals web browser history, dates of birth, profile photos and even details on all the apps installed on the user’s phone.

The data also includes more than 8 million text entries typed using the AI.type app, including passwords and search terms. ZDNet said it also uncovered contact details from users’ address books.

Alex Kernishniuk, VP of strategic alliances at Kromtech, said: “This is once again a wakeup call for any company that gathers and stores data on their customers to protect, secure, and audit their data privacy practices.”

Report from Kromtech

