Skip to main content

A popular virtual keyboard leaked the personal data of 31 million users

Smartphone-Future-0001 how to reduce your data usage
Image used with permission by copyright holder
It seems there’s been another sizable data leak, this one affecting 31 million users of the popular customizable virtual keyboard app Ai.type.

The personal information — all 577GB of it — was exposed online because the Israel-based maker of the app had failed to secure its database server, according to Kromtech Security Center, which exposed the leak.

Reports suggest that the data in question, which has been verified by ZDNet, includes full names and email addresses of Ai.type users, as well as dates showing when the cross-platform app was installed. Each record also reveals the user’s registered location, such as their city and country.

For reasons currently unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures. Around 10 million email addresses were also found, as were some 373 million phone numbers seemingly taken from the contacts of registered users’ phones, though as ZDNet pointed out, “It’s not clear for what reason the app uploaded” such data.

The app’s website insists that information input by those using Ai.type is “encrypted and private,” but it appears the database was not encrypted, with researchers claiming that at least some of the text entered on the keyboard was being recorded and stored by the startup.

The app’s creator, Eitan Fitusi, told Digital Trends that far from spying on users, any collected input data is simply “statistical information” used to help power the app’s A.I. prediction engine. Fitusi added that the input data is “non-personal” so it can’t be connected to a particular user or device.

It seems that users who downloaded the freemium version of Ai.type had more data exposed than those with the paid version as the free one collects more information from devices. Also, the misconfigured database seems to have contained information linked only to Android users of the app, meaning that data belonging to the app’s iOS users is unaffected. All data has now been secured by the startup, ZDNet reported.

Ai.type users will at least be relieved to learn that no passwords or payment details were kept on the server.

Elementary error

In what appears to have been an alarmingly elementary error, the server reportedly had no password protection, opening up the data to internet users who could then browse, download, or even delete the information held on it.

Ai.type uses artificial intelligence to help users type faster and more accurately. DT listed it earlier this year as a decent virtual keyboard app for emoji fans as it lets you put the colorful characters front and center in a couple of taps.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Doordash data breach affects 4.9 million people, divulges physical addresses
DoorDash breach | Doordash app on a phone

Doordash is the latest tech company to suffer a major data breach. The company has announced that an unauthorized third party was able to gain access to Doordash user data on May 9, 2019, in a breach that affected a hefty 4.9 million users, delivery drivers, and merchants. According to the company, users who joined after April 5, 2018, were not affected by the breach.

"We take the security of our community very seriously. Earlier this [year], we became aware of unusual activity involving a third-party service provider," said the company in a blog post. "We immediately launched an investigation and outside security experts were engaged to assess what occurred."

Read more
E3 leaks personal information of thousands of journalists
Playstation character wall at E3 2018

The personal details of thousands of journalists have been leaked by the organizers of E3. The Entertainment Software Association (ESA), which organizes the annual E3 gaming conference, had a publicly accessible document on its website which showed the names, phone numbers, and home addresses of journalists who registered for press badges at the event. The spreadsheet was available to anyone who clicked a button on the ESA website, compromising the security of over 2000 members of the press.

The leak was first spotted by YouTuber Sophia Narwitz, a games writer who published a video about the issue on Friday titled "The Entertainment Software Association just doxxed over 2000 journalists and content creators." Narwitz said she felt it was her "journalistic duty to alert the public" and that she was "stunned that... the ESA had a document out in the open" which revealed so much information about journalists.

Read more
Does the Samsung Galaxy Ring work with the iPhone?
The side of the Samsung Galaxy Ring.

Samsung has unveiled its newest product, the Samsung Galaxy Ring. While we mostly see iterative updates to Samsung's lineup of phones and smartwatches, the Galaxy Ring is a brand new product category for Samsung, and that’s a big deal.

Smart rings have become more popular in recent years as an alternative or complement to existing wearables, such as the Apple Watch or Galaxy Watch. The leading player in the smart ring market has been the Oura Ring, but that may be changing soon now that Samsung has entered the fray with the Galaxy Ring.

Read more