It seems that there has been another important data leak, affecting 31 million users of the popular customizable virtual keyboard application Ai.type.
Personal information – all 577 GB – was exposed online because the Israeli-based manufacturer of the application had not been able to secure its database server, according to Kromtech Security Center, which exposed the leak.
Reports suggest that the data in question, which have been verified by ZDNet, include full names and email addresses of Ai.type users, as well as the dates showing when the cross-platform application was installed. Each record also reveals the user's registered location, such as their city and country.
For currently unclear reasons, it is reported that part of the filtered information includes details related to Google profiles, such as birth dates, gender and profile images. About 10 million email addresses were also found, as well as 373 million phone numbers apparently taken from telephone contacts of registered users, although as ZDNet noted, "It is not clear why the application loaded" such data .
The website of the application insists that the information entered by those who use Ai.type is "encrypted and private", but it seems that the database was not encrypted, and the researchers said that at least part of the text entered on the keyboard was being recorded and stored by
The creator of the application, Eitan Fitusi, told Digital Trends that far from spying on users, any input information collected is simply "statistical information" used to help boost the AI prediction engine of the application. Fitusi added that the input data is "non-personal" so it can not be connected to a particular user or device.
It seems that the users who downloaded the free version of Ai.type had more data exposed than those with the pay as the free version collects more information from the devices. In addition, the misconfigured database seems to contain information linked only to the Android users of the application, which means that the data belonging to the iOS users of the application are not affected. Now all the data has been secured by the start-up, ZDNet reported.
Users of type Ai, however, will be relieved to learn that no passwords or payment details were saved on the server.
In what seems to have been an alarmingly elementary error, the server supposedly had no password protection, opening the data to Internet users who could browse, download or even delete the information it contained.
Ai.type uses artificial intelligence to help users write faster and more accurately. DT listed it earlier this year as a decent virtual keyboard app for emoji fans, as it allows you to put the colorful characters in front and center in a couple of touches.