1 min read

Oops! This Android keyboard app accidentally leaked 31 million users' personal details

Graham CLULEY

December 07, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Oops! This Android keyboard app accidentally leaked 31 million users' personal details

31 million users of an Android keyboard app have had their email addresses, phone numbers, and precise location exposed through the sheer carelessness of the app’s developer.

As ZDNet reports, customisable keyboard app AI.type left a 577GB database of sensitive data on an unsecured server which was left completely accessible to anybody, no password required.

The customisable keyboard app, which has been downloaded from the Google Play store approximately 40 million times, stored information on a Mongo-hosted database that had not been properly secured to prevent unauthorised access.

As if it wasn’t bad enough that 31 million users of the app had been put at risk, one of the database tables discovered by researchers contained an astonishing 374.6 million phone numbers – collected by the app (for reasons best known to itself) after it uploaded users’ contacts from their smartphones.

Yet more information stored in the exposed database detailed the apps installed on each users’ device, including banking and dating apps.

Users of the free edition of AI.Type were left particularly exposed as that version of the app collects more information than the paid edition, in order to make money through more targeted advertising.

According to security researchers at Kromtech, who discovered the unsecured database, it took several attempts to contact AI.Type, and for the poorly-configured server to be secured.

As has been noted before, despite there being security functionality built into MongoDB many administrators continue to make the mistake of not properly configuring the software – effectively creating a goldmine of information for data thieves.

For its part, MongoDB has published a security checklist describing best practices for protecting an installation of the software.

Whether you call data leaks like this an accident or evidence of incompetence is a matter of opinion, but one thing is clear – it is innocent users who are having their privacy and security put at risk by app developers like those who built AI.Type.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read