Virtual keyboard app developer Ai.Type accidentally exposed the personal data of 31 million users, including their phone contacts, according to security researchers.
ZDNet's report found, however, that the company had collected more than 8.6 million text entries collected from the keyboard, including phone numbers, web search terms, and concatenated emails and passwords. The company claims its app has been downloaded more than 40 million times, with additional keyboards that support over 40 languages from Farsi to Slovenian.
Security researchers say the AI.type app's developer failed to secure the database server containing everything from user's names to their locations. It also contained seemingly useless information such as each user's IMSI and IMEI device number - which are unique numbers to identify a phone on the global network and one to identify it on a particular network - alongside make and model information, screen resolution and even the version of Android it's running. Each record also included a user's precise location, including their city and country.
ZDNet obtained a portion of the database to verify.
Swiss National Bank Has $861.02 Million Holdings in General Electric Company (GE)
It turned negative, as 82 investors sold OXY shares while 326 reduced holdings. 35 funds opened positions while 110 raised stakes. BidaskClub upgraded Portland General Electric from a "hold" rating to a "buy" rating in a report on Wednesday, August 23rd.
For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures.
"The misconfigured MongoDB database appears to belong to Ai.Type a Tel Aviv-based startup that designs and develops a personalized keyboard for mobile phones and tablets for both Android and iOS devices", Kromtech Security Center said. ZDNet said it also uncovered the contact details from user's address books. Any text entered on the keyboard "stays encrypted and private", says the company. "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", Bob Diachenko of the Kromtech Security Center said.
"It is clear that data is valuable and everyone wants access to it for different reasons", he said. However, he outlined that most of the data was insensitive.
"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices".