Yeah, this isn’t good.
Third-party keyboards on Android have been tremendously popular for years, and one of the biggest ones – AI.type – recently had personal data leaked online for 31 million people that have downloaded it according to Kromtech Security Center. Seeing as how that’s 77.5% of AI.type’s 40 million global users, there’s a good chance your data is at stake if you use or have used the app in the past.
How in the world did this happen?
AI.type’s main server is owned and run by Co-Founder Eitan Fitusi, and despite having over 577GB worth of user data on it, the server wasn’t protected by any sort of password. Only personal data for Android users is apparently stored, and while Fitusi has since secured the server, it clearly wasn’t done fast enough.
According to ZDNet, personal data that’s been leaked includes the following:
- Full name of users
- Email addresses
- Phone numbers
- Cell phone service provider name
- IP address
- ISP name
- Info from Google accounts (DOB, photos, gender)
- City and country of residency
- IMSI and IMEI numbers
- Make/model of device(s) app was installed on
Users of the free version of AI.type are at a greater risk.
Along with the leak, we also get to see that AI.type might not have been so truthful with claims of its users’ privacy being its "main concern."
Text entered using AI.type is recorded and then saved for an undisclosed amount of time and emails, passwords, and other sensitive information are saved by those using the keyboard despite AI.type claiming to "never share your data or learn from password fields."
Speaking to ZDNet, Head of Communications at Kromtech Security Center, Bob Diachenko, said:
Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online. This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user.
In other words, if you’ve ever used AI.type, you have reason to be concerned right now.
December 5, 2017 at 09:43AM