AI.type virtual keyboard database hacked, data of 31 million users compromised
06 Декабря 2017, 02:40 | Edward Lowe
Over half a terabyte of private data was exposed due to there being no passwordiStock
Uncovered by security researchers at Kromtech Security Centre, the keyboard app that offers an alternative to the native keyboards on Android and iOS devices was found to be extracting personal data from some 31 million users and flinging it over to an unsecured database server owned by the app's co-founder Eitan Fitusi. The company server - the source of the leak - was finally secured over the weekend, but not before a huge amount of data was leaked. Users of the app may want to think twice about typing any sensitive information while using the app, as it is likely to be sucked up and stored in a server.
However, while the exposure of the 577GB MongoDB database indicated poor security practice, researchers at Kromtech Security Center were even more shocked to see the breadth of information collected by the firm. The server has since been secured, but Fitusi did not respond when we asked for comment.
ZDNet obtained a portion of the database to verify.
While it may have tens of millions of users all over the world, the app's developers failed to protect the database with a password, enabling anyone to access this database that is over 577 GB heavy. The data also included links to and information about social media sites accessed by customers, though notably it didn't include passwords.
Other records are significantly more detailed.
Those who paid for the app would have far less data exposed, but it's still unclear just how much of their information has been gleaned too. More specifically it collected device IMSI and IMEI numbers, device makes and models, phone screen resolutions, phone numbers, the names of cell phone providers, IP addresses, internet providers, and Android version numbers. Many records also contained specific details of a user's public Google profile, including email addresses, dates of birth, genders, and profile photos. A large portion of the data also included the user's phone number and the name of their mobile provider.
ZDNet said it also found several tables of contact data uploaded from a user's phone, one with 10.7 million email addresses and another with 374.6 million phone numbers.
Numerous kinds of records of the app's users were available on the server.
It's not unusual for third-party keyboards to request access to different parts of the operating system. Android will warn users that keyboards "may be able to collect all the text that you type, including personal data like passwords and credit card numbers".
It doesn't stop there as the app also seemingly had access to a user's contacts. Any text entered on the keyboard "stays encrypted and private", says the company.
"It raises the question of why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?" There is no confirmation that malicious actors had accessed the data, though "theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online", said Bob Diachenko, head of communications at Kromtech Security Center.
При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна. «» 2007 - 2017 Copyright. Автоматизированное извлечение информации сайта запрещено.
Will Saudi's crown prince be TIME's Person of the Year?
Edition of Time, a survey was conducted among the readers whom they consider worthy of the title "person of the year". Prominent figures, including princes, ministers and businessmen, were taken into custody last month.
Merry Hill owner is bought in £3.4bn deal
The all-share offer represents a value of about 253.9 pence per Intu share, a premium of 27.6 percent to its Tuesday's close. Hammerson shareholders would own 55% of the enlarged group, while Intu shareholders would get the balance.
Analysts See $0.82 EPS for General Mills, Inc
The company reported $0.71 earnings per share (EPS) for the quarter, missing analysts' consensus estimates of $0.76 by ($0.05). Analysts expect General Mills, Inc. ( GIS ) traded down $0.61 during midday trading on Tuesday, hitting $57.25. (NYSE:GIS).
Delhi's 'very poor ' air quality likely to worsen
The obvious solution is to immediately stop hosting worldwide sporting events in Delhi until the Air Quality Index improves. And Sri Lankans wearing anti-pollution masks on the field showed how much Delhi is highly suffering from bad air quality.