Cyber Wisdom Commentary:
Three separate sources indicated that personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app’s developer failed to secure the database’s server that stores mainly records on the app’s Android users. The server wasn’t protected with a password, allowing anyone to access the company’s database of user records, totaling more than 577 gigabytes of sensitive data.
The discovery was found by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data was only secured after several attempts to contact Fitusi, who acknowledged the security lapse this weekend. The server has since been secured, but Fitusi did not respond when we asked for comment.
ZDNet obtained a portion of the database to verify. Each record contains a basic collected data, including the user’s full name, email addresses, and how many days the app was installed. Each record also included a user’s precise location, including their city and country. A large portion of the records also included the user’s phone number and the name of their cell phone provider, and in some cases their IP address and the name of their internet provider if connected to Wi-Fi. Many records contain specific details of a user’s public Google profile, including email addresses, dates of birth, genders, and profile photos.
We also found several tables of contact data uploaded from a user’s phone. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. It’s not clear for what reason the app uploaded email addresses and phone numbers of contacts on users’ phones. In addition, several tables contained lists of each app installed on a user’s device, such as banking apps and dating apps
For its part, AI.type says on its website that user’s privacy “is our main concern.” Any text entered on the keyboard “stays encrypted and private,” says the company. “Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online,
Read these articles for more exposed information!
Personal info of 31 million people leaked by popular virtual keyboard Ai.type
Data belonging to 31 million users of the popular smartphone virtual keyboard, Ai.type, has leaked online after the developer failed to properly secure the app’s database. Ai.type is a freemium virtual keyboard that runs on iOS and Android, with the bulk of the users on Android. According to the developers, Ai.type can learn the user’s writing style, and even auto-insert emoji. According to Zack Whittaker of ZDNet, the app’s database server was left online without any form of authentication. This meant anyone could access the company’s treasure-trove of personal information, which totals more than 577 gigabytes of data, without needing… This story continues at The Next Web… Personal info of 31 million people leaked by popular virtual keyboard Ai.type
Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users
In the digital age, one of the most popular sayings is—if you’re not paying, then you’re not the customer, you’re the product. While downloading apps on their smartphones, most users may not realize how much data they collect on you. Believe me; it’s way more than you can imagine. Nowadays, many app developers are following irresponsible practices that are worth understanding, and we don’t… Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users
This is one more story that our Apps are not truly safe from breaches.