Data belonging to more than 31 million users who were using a well-known virtual keyboard app has been leaked due to a security breach. The data leak occurred because the developer had not secured the server for the database.
This particular virtual keyboard product, Ai.type, has more than 40 million people from all over the world as its user base.
Ai.type offers users a freemium option for the virtual keyboard app. It runs both on Android and iOS devices, but it’s mostly used by Android users.
The developers of the app say that it can understand the writing style of its users and automatically insert emojis on the basis of this understanding.
Serious Data Leak
The Ai.type virtual keyboard was subject to a massive data leak with 577 GB of personal information related to 31 million users being revealed online.
Kromtech cybersecurity researchers were the first to reveal this leak.
The data leak reportedly contains information related to the names and the email addresses of the 31 million users of the Ai.type application.
The stolen data also involves the dates on which the users had installed the application, as well as the user’s location, city and country.
As if this alone was not bad enough, the data leak also contained the contact list of the users, amounting to more than 370 million phone numbers.
Profile Details Leaked
There is also information stating that other details of users, such as those connected with their Google profile, have been leaked.
These include their date of birth and gender, as well as their profile pictures.
The data leak also accessed details of the users’ phone make, such as the model and the IMSI/IMEI numbers, as well as the phone screen resolution, its make/model, etc.
Reports indicate there were around 10 million email addresses leaked as well.
Worrying Aspects
Many who witnessed this leak are unable to understand why the app had loaded such identifiable information on it.
Security professionals stated that it was worrying that the information uploaded by the app was personal in nature, despite the developer’s privacy policy disclosure that the product does collect user data.
The leaked database contained the locations of users, the name of their cell providers, the IP address and the ISP (Internet Service Provider) of the user, which they use for connecting to the internet with WiFi.
Another worrying aspect is that the data leak also involved other apps that were installed on users’ phones.
This would allow the hackers to know the banking app or the dating app that the user was employing, among other online platforms.
Data Breach
The security breach of the Ai.type virtual keyboard app occurred because there was a lack of password protection.
As there was no password protection, almost anybody was able to access the database of its users and view their personal information and records.
However, the database contains records of only Android users. Reportedly, the Ai.type server had been left without being authenticated, so it was easy for a hacker to get the personal information available without using passwords.