Keyboard data leak exposes millions of personal records

A keyboard data leak by mobile developer Ai.type exposed millions of personal records through misconfigured MongoDB database settings.

A misconfigured MongoDB database and overreaching app permissions led to millions of personal records being leaked by a virtual keyboard developer.

Kromtech Security Center discovered the keyboard data leak by mobile developer Ai.type, which makes an alternative mobile keyboard app for Android and iOS. According to Kromtech, Ai.type used the default settings on its MongoDB database, meaning all 577 GB of data -- and 373 million records -- were publicly exposed.

The Ai.type keyboard data leak may have been caused by misconfigured MongoDB database settings, but researchers also noted the extensive permissions the keyboard asked of users. According to ZDNet, which first reported Kromtech's findings, the exposed data was properly secured after repeated attempts by the news outlet to contact Ai.type about the exposure.

The Ai.type keyboard asked users for "full access" to device data, which allowed the app to gather sensitive personal information and identifiable data on the mobile hardware being used.

The keyboard data leak included information gathered from more than 31 million users who had installed the Ai.type keyboard. This information included sensitive data such as names, phone numbers, mobile hardware identification info, email addresses and country of residence. Additionally, more than 6 million records gathered from user contacts were exposed.

"Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online," Bob Diachenko, chief communication officer at Kromtech, wrote in a blog post. "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user. It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices."
