According to a new report, personal data from over 31 million users of the popular AI.type customizable keyboard has been leaked to the public.
The emails, phone numbers, and locations of 31 million users of Android keyboard app Ai.type have been compromised after the developer failed to secure the server on which the information was stored.
Some of the records, however, are far more significant and include phone numbers and IP addresses. In some cases, there’s even specific details from the user’s Google profile, including birth dates, genders, and profile pictures.
The report explains that the data wasn’t protected with a password, making it easily accessible to employees.
AI.type co-founder Eitan Fitusi says the company has secured the database since revelation of the leak, but hasn’t yet commented on the issue. While the app is available for both iOS and Android, the leaked data seems to relate only to Android users.
It doesn’t stop there as the app also seemingly had access to a user’s contacts. One of the leaked database tables includes 10.7 million email addresses from contact data. Another tablet contains 374.6 million phone numbers.
We also found several tables of contact data uploaded from a user’s phone. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers.
Google often warns users of the security risks that come with the use of a third-party keyboard, but AI.type touts on its website that user privacy is its “main concern” and that any entered text “stays encrypted and private.” Furthermore, AI.type says it will “never share or learn data from password fields.”
According to the report the company had collected more than 8.6 million text entries collected from the keyboard, including phone numbers, web search terms, and concatenated emails and passwords.
While AI.type says the database has since been secured, the report is still incredibly damning, specifically relating to the app’s collection of seemingly critical information.
Once that data is gone users have little to no knowledge of what is done with their personal data. Why would a keyboard and emoji application need to gather the entire data of the user’s phone or tablet?
Based on the leaked database they appear to collect everything from contacts to keystrokes. This is a shocking amount of information on their users who assume they are getting a simple keyboard application.