Keyboard App Collects Personal Data on 31 Million Users
Return To ArticleA team of security researchers at the Kromtech Security Center has discovered a massive trove of personal data belonging to more than 31 million users of the popular virtual keyboard app, AI.type, accidentally leaked online for anyone to download without requiring any password.
Founded in 2010, Ai.type is a customizable and personalizable on-screen keyboard for mobile phones and tablets, with more than 40 million users worldwide. Apparently, a misconfigured MongoDB database, owned by the Tel Aviv-based startup AI.type, exposed their entire 577 GB of the database online that includes a shocking amount of sensitive details on their users, which is not even necessary for the app to work.
The leaked database of over 31 million users includes: Full name, phone number, and email address, Device name, screen resolution and model detail, Android version, IMSI number, and IMEI number, Mobile network name, country of residence and even user enabled languages, IP address (if available), along with GPS location (longitude/latitude), Links and the information associated with the social media profiles, including birth date, emails, photos.
