1 min read

Oops! This Android keyboard app accidentally leaked 31 million users' personal details

Graham CLULEY

December 07, 2017

Oops! This Android keyboard app accidentally leaked 31 million users' personal details

31 million users of an Android keyboard app have had their email addresses, phone numbers, and precise location exposed through the sheer carelessness of the app’s developer.

As ZDNet reports, customisable keyboard app AI.type left a 577GB database of sensitive data on an unsecured server which was left completely accessible to anybody, no password required.

The customisable keyboard app, which has been downloaded from the Google Play store approximately 40 million times, stored information on a Mongo-hosted database that had not been properly secured to prevent unauthorised access.

As if it wasn’t bad enough that 31 million users of the app had been put at risk, one of the database tables discovered by researchers contained an astonishing 374.6 million phone numbers – collected by the app (for reasons best known to itself) after it uploaded users’ contacts from their smartphones.

Yet more information stored in the exposed database detailed the apps installed on each users’ device, including banking and dating apps.

Users of the free edition of AI.Type were left particularly exposed as that version of the app collects more information than the paid edition, in order to make money through more targeted advertising.

According to security researchers at Kromtech, who discovered the unsecured database, it took several attempts to contact AI.Type, and for the poorly-configured server to be secured.

As has been noted before, despite there being security functionality built into MongoDB many administrators continue to make the mistake of not properly configuring the software – effectively creating a goldmine of information for data thieves.

For its part, MongoDB has published a security checklist describing best practices for protecting an installation of the software.

Whether you call data leaks like this an accident or evidence of incompetence is a matter of opinion, but one thing is clear – it is innocent users who are having their privacy and security put at risk by app developers like those who built AI.Type.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read