Wednesday 6 December 2017

Unprotected Virtual Keyboard App Leaks 31 Million Android Users Private Data

Unprotected Virtual Keyboard App Leaks 31 Million Android Users Private Data

A Virtual keyboard App Leaked 31 Million Customer Data 

Due to lack of security the app developer wasn't protect the app server database with strong password, and leave it to expose users private information.

  • 31 Million Users Database Leaked of AI.Type Android App.
  • Record contain Users Full name, Email ID.
  • Record contain Users Location including their country and city.
  • Record contain users Mobile IMSI and IMEI numbers with device model name.

AI.type is the smartest, most personalized keyboard for smartphones and tablets. With over 40 million users worldwide. AI.Type is also available on iPhone and asking for full access while downloading the App.

The App server wasn't protected and allowing to attacker to access the company's database of user record, it Approx 577GB data recorded.

The Kromtech Security researchers have discovered a massive amount of customer files leaked online and publically available. Researchers were able to access the data and details of 31,293,959 users. The misconfigured MongoDB database appears to belong to Ai.Type a Tel Aviv-based startup that designs and develops a personalized keyboard for mobile phones and tablets for both Android and iOS devices.

The database contain Android App users records, Phonebook and Contact Records.

6,435,813 records that contained data collected from users’ contact books, including names (as entered originally) and phone numbers, in total more than 373 million records scraped from registered users’ phones, which include all their contacts saved/synced on linked Google account.

Image source : mackeepersecurity
Bob Diachenko, head of communications at Kromtech Security Center:

Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online. This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user. It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer