UPDATED 21:31 EST / DECEMBER 05 2017


Keyboard maker AI.type exposes 31M customer records in latest database breach

Another day, another misconfigured database exposing customer data online.

Today’s data breach involves 31 million records collected by Israeli emoji mobile keyboard maker AI.type. First spotted by the Kromtech Security Center, the data was found on a misconfigured MongoDB installation that AI.type had failed to make private and had failed to protect with a password.

The database of 577 gigabytes of data collected from users of the keyboard included a huge range of personal information. It included phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI and IMEI numbers (both used to identify a mobile phone), email addresses associated with the phone and country of residence. The data also included links to and information about social media sites accessed by customers, though notably it didn’t include passwords.

Why AI.type would be gathering that amount of information, seemingly irrelevant to its role of providing an emoji-focused keyboard, is not entirely clear, particularly given the company itself states that it does not sell the data to third parties.

Strangely, the data breach applies only to Android users of AI.type keyboards, not iOS users. There is no confirmation that malicious actors had accessed the data, though “theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online,” said Bob Diachenko, head of communications at Kromtech Security Center.

“This presents a real danger for cybercriminals who could commit fraud or scams using such detailed information about the user,” Diachenko added. “It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices.”

AI.type’s data breach is far from lacking precedent in recent times, as an ever-growing number of companies have been caught misconfiguring their databases and exposing customer data online. The most recent example was the National Credit Federation in late November, joining a list that includes the U.S. Army Intelligence and Security Command, Accenture Plc, Verizon Communications Inc. and U.S. military contractor TigerSwan.
