Personal information of 31 million users of the popular Ai.Type virtual keyboard app has been leaked online, a new report unveiled.
The report details that the Israel-based maker of the app had failed to secure its database server as the data wasn’t protected with a password. Virtual keyboard app developer Ai.Type accidentally made the data easily accessible to employees.
Leaked information Includes users’ names, phone contacts, email addresses, the registered location including city and country data, according to security researchers. Some of the data even include phone numbers and IP addresses. Specific information of user’s Google profile, such as profile pictures, birth dates, and genders has also been leaked.
Researchers at Kromtech Security Center discovered the issue and reported Ai.Type last month. They found that the data was stored in a MongoDB database and it was configured so that any outsiders online could access it.
The report says the information was encrypted and private but the database was not encrypted and the startup was recording and storing some of the text entered on the keyboard.
Ai.Type offers its keyboard’s Android and iOS version and it has over 60 million users.
Ai.Type’s CEO Eitan Fitusi said, “We are not collecting\storing\sending any password or credit card information.” “When the keyboard does collect statistical data about keyboard strokes, it is not tied to any identifiable user information, he added.
However, AI.Type is claiming that the database was secured, but the report is still declining this claim.