Researchers from the Kromtech Security Centre have uncovered a vast amount of private information online that pertains to over 31 million users of AI.type, a well-known virtual keyboard programme.
The information was part of a MongoDB database that was unintentionally made public online without any security measures in place.
According to the stolen information, they seem to be gathering everything—including keystrokes and contacts. This is an astounding amount of data about their users, who seem to think they are only buying a keyboard app.
More than 373 million records, including all of the contacts synced on the associated Google account, were taken from the phones of registered users and dumped into the public domain.
Source: https://securityaffairs.com/66392/data-breach/keyboard-app-ai-type-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/a.i.type
"id": "ait333181223",
"linkid": "a.i.type",
"type": "Data Leak",
"date": "12/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Over 31 million users',
'industry': 'Technology',
'name': 'AI.type',
'size': 'Over 31 million users',
'type': 'Company'}],
'attack_vector': 'Unsecured MongoDB Database',
'data_breach': {'number_of_records_exposed': '373 million',
'type_of_data_compromised': ['Keystrokes', 'Contacts']},
'description': 'Researchers from the Kromtech Security Centre discovered a '
'vast amount of private information online that pertains to '
'over 31 million users of AI.type, a well-known virtual '
'keyboard programme. The information was part of a MongoDB '
'database that was unintentionally made public online without '
'any security measures in place. The stolen information '
'includes keystrokes and contacts, totaling over 373 million '
'records, including all of the contacts synced on the '
'associated Google account.',
'impact': {'data_compromised': ['Keystrokes', 'Contacts']},
'references': [{'source': 'Kromtech Security Centre'}],
'title': 'AI.type Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unsecured Database'}