Декабря 13, 2017

AI.type virtual keyboard database hacked, data of 31 million users compromised

06 Декабря 2017, 02:40 | Edward Lowe

Over half a terabyte of private data was exposed due to there being no passwordiStock

Over half a terabyte of private data was exposed due to there being no passwordiStock

Uncovered by security researchers at Kromtech Security Centre, the keyboard app that offers an alternative to the native keyboards on Android and iOS devices was found to be extracting personal data from some 31 million users and flinging it over to an unsecured database server owned by the app's co-founder Eitan Fitusi. The company server - the source of the leak - was finally secured over the weekend, but not before a huge amount of data was leaked. Users of the app may want to think twice about typing any sensitive information while using the app, as it is likely to be sucked up and stored in a server.

However, while the exposure of the 577GB MongoDB database indicated poor security practice, researchers at Kromtech Security Center were even more shocked to see the breadth of information collected by the firm. The server has since been secured, but Fitusi did not respond when we asked for comment.

ZDNet obtained a portion of the database to verify.

While it may have tens of millions of users all over the world, the app's developers failed to protect the database with a password, enabling anyone to access this database that is over 577 GB heavy. The data also included links to and information about social media sites accessed by customers, though notably it didn't include passwords.

Other records are significantly more detailed.

Those who paid for the app would have far less data exposed, but it's still unclear just how much of their information has been gleaned too. More specifically it collected device IMSI and IMEI numbers, device makes and models, phone screen resolutions, phone numbers, the names of cell phone providers, IP addresses, internet providers, and Android version numbers. Many records also contained specific details of a user's public Google profile, including email addresses, dates of birth, genders, and profile photos. A large portion of the data also included the user's phone number and the name of their mobile provider.

Читайте также: Suspect accused of murdering Waterbury teen set to face a judge

ZDNet said it also found several tables of contact data uploaded from a user's phone, one with 10.7 million email addresses and another with 374.6 million phone numbers.

Numerous kinds of records of the app's users were available on the server.

It's not unusual for third-party keyboards to request access to different parts of the operating system. Android will warn users that keyboards "may be able to collect all the text that you type, including personal data like passwords and credit card numbers".

It doesn't stop there as the app also seemingly had access to a user's contacts. Any text entered on the keyboard "stays encrypted and private", says the company.

"It raises the question of why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?" There is no confirmation that malicious actors had accessed the data, though "theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online", said Bob Diachenko, head of communications at Kromtech Security Center.

При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2017 Copyright.
Автоматизированное извлечение информации сайта запрещено.

Код для вставки в блог

Other News

Trending Now

European Union blacklists 17 tax havens for failing to comply with tax transparency
It said it will discuss the matter with related ministries and respond accordingly. "No one must get a free pass", he added. South Korea strongly refuted the decision.

DekaBank Deutsche Girozentrale Has $221.74 Million Stake in Johnson & Johnson (JNJ)
DekaBank Deutsche Girozentrale owned 0.06% of Johnson & Johnson worth $221,736,000 at the end of the most recent reporting period. It is positive, as 31 investors sold HSIC shares while 164 reduced holdings. 81 funds opened positions while 133 raised stakes.

GOP lawmaker suggests Democrat who touched him on arm may be gay
Bradford ended with, "And, uh, yeah, I'm pretty much without any further comment that would be constructive at this time". Brian Sims , the Legislature's only openly gay lawmaker, said from across the room, triggering bipartisan laughter.

Will Saudi's crown prince be TIME's Person of the Year?
Edition of Time, a survey was conducted among the readers whom they consider worthy of the title "person of the year". Prominent figures, including princes, ministers and businessmen, were taken into custody last month.

Merry Hill owner is bought in £3.4bn deal
The all-share offer represents a value of about 253.9 pence per Intu share, a premium of 27.6 percent to its Tuesday's close. Hammerson shareholders would own 55% of the enlarged group, while Intu shareholders would get the balance.

Analysts See $0.82 EPS for General Mills, Inc
The company reported $0.71 earnings per share (EPS) for the quarter, missing analysts' consensus estimates of $0.76 by ($0.05). Analysts expect General Mills, Inc. ( GIS ) traded down $0.61 during midday trading on Tuesday, hitting $57.25. (NYSE:GIS).

Delhi's 'very poor ' air quality likely to worsen
The obvious solution is to immediately stop hosting worldwide sporting events in Delhi until the Air Quality Index improves. And Sri Lankans wearing anti-pollution masks on the field showed how much Delhi is highly suffering from bad air quality.

Bus company subpoenaed after sending out offensive ad
We are looking forward to working with all students, organizations, and IL officials on this matter. We meant them no harm, and we felt we were being unjustly punished.

'Congress needlessly linking Ram Temple with polls, not bothered about nation'
Surjewala also accused the ruling BJP of raking up the Ayodhya issue to escape from the "failed" development promises. "Who he represents in court is Kapil Sibal's personal matter, the Congress has nothing to do with it.

Steinhoff CEO resigns, company says accounting irregularities to be investigated
The Steinhoff holding company is based in Amsterdam for tax reasons and has its primary listing on the Frankfurt stock exchange. In addition, the Company will determine whether any prior years" financial statements will need to be restated'.