Sci-tech

Ai.Type Keyboard Replacement Leaks Data for 31 Million Users

Ai.Type Keyboard Replacement Leaks Data for 31 Million Users”

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you're giving up with some apps. 577GB of data was outed thanks to the lack of password protection for the app's database server.

Strangely, the data breach applies only to Android users of AI.type keyboards, not iOS users.

Ai.type's founder Eitan Fitusi told The Register that the MongoDB database had been secured once Kromtech had reported the issue and that the archive only contained around half of the firm's database information.

"The misconfigured MongoDB database appears to belong to Ai.Type a Tel Aviv-based startup that designs and develops a personalized keyboard for mobile phones and tablets for both Android and iOS devices", Kromtech Security Center said. And it wasn't until ZD.Net attempted to get in touch with developer Fitusi that the database was secured.

Google often warns users of the security risks that come with the use of a third-party keyboard, but AI.type touts on its website that user privacy is its "main concern" and that any entered text "stays encrypted and private".

'This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user.

There's more in the full blog post, but the long and the short of it is that these users are utterly exposed.

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices". This information included sensitive data such as names, phone numbers, mobile hardware identification info, email addresses and country of residence. Accompanying the numbers were the make and model of the device, its screen resolution and the version of Android it was running.

A large portion of the records also included the user's phone number and the name of their cell phone provider, and in some cases their IP address and name of their internet provider if connected to Wi-Fi. The records also contained details from users' public Google profile like email addresses, birth date, gender, and profile picture.

AI.Type also uploaded users' contacts and their phone numbers into the exposed MongoDB database.

This is once again a wakeup call for any company that gathers and stores data on their customers to protect, secure, and audit their data privacy practices.

'It is clear that data is valuable and everyone wants access to it for different reasons. They feature word prediction, emoji suggestions, customized layouts, and more.



Like this

loading...
loading...

Latest


06 December 2017
Labor MPs were 'hiding in plain sight'
Leader of the House Christopher Pyne said it showed Labor knew four of its members should be referred to the court. Gallagher stood aside from her frontbench portfolios and as manager of opposition business in the Senate.

06 December 2017
HD Supply Holdings Inc (HDS) Net Revenue Surprises Analysts
DUPONT CAPITAL MANAGEMENT Corp acquired a new stake in shares of HD Supply Holdings during the first quarter worth about $136,000. Vaughan Nelson Investment Management Lp decreased Hd Supply Hldgs Inc ( HDS ) stake by 11.86% reported in 2017Q2 SEC filing.

06 December 2017
Corning (GLW) Getting Somewhat Favorable News Coverage, Report Shows
Guggenheim reissued a "buy" rating and issued a $35.00 price target on shares of Corning in a report on Tuesday, August 15th. The electronics maker reported $0.39 EPS for the quarter, beating the Thomson Reuters' consensus estimate of $0.35 by $0.04.

06 December 2017
Former ACA Reporter Ben McCormack Avoids Jail Term Over Child Porn
McCormack was sensationally arrested back in April after a sting by NSW Police. McCormack pleaded guilty to the offences in September. I'll always have the attraction".

06 December 2017
Spanking kids can make them violent, study says
The researchers say that time-outs or rewarding positive behavior are both more effective at teaching kids right from wrong. They asked them about their childhood experiences, physical abuse and their current experiences with dating violence.

06 December 2017
Trials Show Inactivated Zika Virus Vaccine is Safe and Immunogenic
They wrote said the results from both trials are promising, but more research is needed to address key questions. They found this vaccine also produced an immune response, but it was not as strong.

06 December 2017
Schlumberger LTD (SLB) Holder Mitchell Group INC Has Cut Its Holding
Mechanics Bancorporation Department owns 16,827 shares or 0.26% of their U.S. portfolio. 62,676 are held by Williams Jones Assocs. After $0.40 actual EPS reported by Owens & Minor, Inc. for the previous quarter, Wall Street now forecasts 27.50% EPS growth.

06 December 2017
Silicon Valley VC takes leaves amid harassment allegations
In May, Pishevar was arrested in a London hotel on suspicion of rape, Forbes reported . Definers Public Affairs has denied any involvement in work related to Pishevar.

06 December 2017
Urban Outfitters Incorporated (NASDAQ:URBN) Sellers Covered 1.29% of Their Shorts
Eam Invsts Limited Company holds 0.17% of its portfolio in MobileIron, Inc. (NASDAQ: URBN ) for 399,506 shares. (NASDAQ: URBN ). Brown Advisory invested 0.02% of its portfolio in Urban Outfitters, Inc . (NASDAQ: URBN ) rating on Tuesday, November 17.

06 December 2017
Minnesota faces $188 million budget deficit
But he cautioned lawmakers against tapping a $1.6 billion budgetary reserve to solve a budget shortfall. Minnesota lawmakers will have to fill a projected $188 million budget deficit next year.