Sci-tech

Ai.Type Keyboard Replacement Leaks Data for 31 Million Users

Ai.Type Keyboard Replacement Leaks Data for 31 Million Users”

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you're giving up with some apps. 577GB of data was outed thanks to the lack of password protection for the app's database server.

Strangely, the data breach applies only to Android users of AI.type keyboards, not iOS users.

Ai.type's founder Eitan Fitusi told The Register that the MongoDB database had been secured once Kromtech had reported the issue and that the archive only contained around half of the firm's database information.

"The misconfigured MongoDB database appears to belong to Ai.Type a Tel Aviv-based startup that designs and develops a personalized keyboard for mobile phones and tablets for both Android and iOS devices", Kromtech Security Center said. And it wasn't until ZD.Net attempted to get in touch with developer Fitusi that the database was secured.

Google often warns users of the security risks that come with the use of a third-party keyboard, but AI.type touts on its website that user privacy is its "main concern" and that any entered text "stays encrypted and private".

'This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user.

There's more in the full blog post, but the long and the short of it is that these users are utterly exposed.

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices". This information included sensitive data such as names, phone numbers, mobile hardware identification info, email addresses and country of residence. Accompanying the numbers were the make and model of the device, its screen resolution and the version of Android it was running.

A large portion of the records also included the user's phone number and the name of their cell phone provider, and in some cases their IP address and name of their internet provider if connected to Wi-Fi. The records also contained details from users' public Google profile like email addresses, birth date, gender, and profile picture.

AI.Type also uploaded users' contacts and their phone numbers into the exposed MongoDB database.

This is once again a wakeup call for any company that gathers and stores data on their customers to protect, secure, and audit their data privacy practices.

'It is clear that data is valuable and everyone wants access to it for different reasons. They feature word prediction, emoji suggestions, customized layouts, and more.



Like this

Latest


06 Декабря 2017
Labor MPs were 'hiding in plain sight'
Leader of the House Christopher Pyne said it showed Labor knew four of its members should be referred to the court. Gallagher stood aside from her frontbench portfolios and as manager of opposition business in the Senate.

06 Декабря 2017
Villanova's Mikal Bridges throws down against Gonzaga
Bridges connected on 8-of-14 attempts from the field to finish with a career high 28 points to go with six rebounds. Spellman poured in 10 points with eight rebounds Tuesday, good for his third straight double-figure scoring effort.

06 Декабря 2017
Veteran French crooner Johnny Hallyday dies aged 74 after cancer battle
Hallyday had announced in March that he was being treated for cancer but had played down the severity of his condition. Hallyday was famously made a Chevalier of the Legion D'Honneur by French President Jacques Chirac in 1997.

06 Декабря 2017
Islamic terror plot to assassinate British PM Theresa May thwarted, report says
Eleven people died when terrorists used vehicles and knives to attack people at London Bridge in June. Downing Street is heavily protected by fortified gates and armed police officers.

06 Декабря 2017
HD Supply Holdings Inc (HDS) Net Revenue Surprises Analysts
DUPONT CAPITAL MANAGEMENT Corp acquired a new stake in shares of HD Supply Holdings during the first quarter worth about $136,000. Vaughan Nelson Investment Management Lp decreased Hd Supply Hldgs Inc ( HDS ) stake by 11.86% reported in 2017Q2 SEC filing.

06 Декабря 2017
Reggie Yates misses Xmas TOTP over 'Jewish guy' remark
The presenter stepped down after coming under fire over the controversial comments, which he admitted had "hurt many people". Shortly after the incident, Reggie released this statement: "I'm hugely apologetic for this flippant comment".

06 Декабря 2017
Pink reveals the important dating advice she shared with her daughter
Pink is never afraid to tell it like it is, and that extends to offering dating advice to her 6-year-old daughter, Willow . Luckily, Twitter users clarified that Pink isn't forcing her kids to embrace transgressive gender roles.

06 Декабря 2017
Amanda Staveley's Newcastle takeover in doubt after negotiations stalemate
Former Liverpool chief exec Christian Purslow can't see Newcastle United being sold before the January transfer market. Newcastle are15th in the Premier League, five points above the relegation zone and without a win in six matches.

06 Декабря 2017
Silicon Valley VC takes leaves amid harassment allegations
In May, Pishevar was arrested in a London hotel on suspicion of rape, Forbes reported . Definers Public Affairs has denied any involvement in work related to Pishevar.

06 Декабря 2017
Revisit Your 2017 Listening Habits with Spotify's Year in Music
Now, with it's latest end-of-year feature, you can find out just what Spotify learned about you in 2017. It also has a playlist of your top 100 songs and another playlist of songs that you may have missed.



Recommended