Marketed as an ‘intelligent’ keyboard, the Ai.Type Android app promises to learn users’ typing habits, accurately predicting what they are going to say and correcting any mistakes that they might make along the way.
Sound appealing? More than 30 million smartphone users certainly thought so when they downloaded the app to their iPhones and Android devices.
But what they didn’t sign up for is having their personal data leaked publicly online.
Unfortunately, that’s exactly what happened when a misconfiguration left client files covering 31,293,959 users openly accessible – without even a password or any encryption to protect them.
Hosted by MongoDB, the database contained over 373 million records, including phone numbers, contacts and social media information.
And while there are many companies that use MongoDB to store data safely and securely, an error in Ai.Type’s settings meant that users’ sensitive data was left alarmingly exposed.
As well as constituting an extreme breach in confidentiality, this leak has also exposed exactly how much data seemingly innocuous apps are collecting on their users.
Ai.Type accidentally exposed their entire 577GB database to anyone with an internet connection.
This also exposed just how much data they access and how they obtain a treasure trove of data that average users do not expect to be extracted or datamined from their phone or tablet.
Theoretically it is possible that anyone who downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their personal data exposed.- Bob Diachenko: Chief Communication Officer, Kromtech
According to experts, the breach also exposed users’ full names, as well as their device name and model, SMS number, screen resolution, language settings, IMEI number, IP address and location.
Not only that, but personal photographs and emails connected to their phones may also have leaked.
As well as posing a security risk, this latest development will also worry those who already fear that too much data is being collected about us online.
These days, it is common for users to sign away their information in return for services or applications. However, they may not always understand the ways in which this data is being used.
With this latest leak from a popular app, will users start to think twice before being so open with their personal information online?