INFRA
Another day, another misconfigured database exposing customer data online.
Today’s data breach involves 31 million records collected by Israeli emoji mobile keyboard maker AI.type. First spotted by the Kromtech Security Center, the data was found on a misconfigured MongoDB installation that AI.type had failed to make private and had not protected with a password.
The database of 577 gigabytes of data collected from users of the keyboard included a huge range of personal information. It included phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI and IMEI numbers (both used to identify a mobile phone), email addresses associated with the phone and country of residence. The data also included links to and information about social media sites accessed by customers, though notably it didn’t include passwords.
Why AI.type would be gathering that amount of information, seemingly irrelevant to its role of providing an emoji-focused keyboard, is not entirely clear, particularly given the company itself states that it does not sell the data to third parties.
Strangely, the data breach applies only to Android users of AI.type keyboards, not iOS users. There is no confirmation that malicious actors had accessed the data, though “theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online,” said Bob Diachenko, head of communications at Kromtech Security Center.
“This presents a real danger for cybercriminals who could commit fraud or scams using such detailed information about the user,” Diachenko added. “It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices.”
AI.type’s data breach is far from unprecedented in recent times, as an ever-growing number of companies have been caught misconfiguring their databases and exposing customer data online. The most recent example was the National Credit Federation in late November, joining a list that includes the U.S. Army Intelligence and Security Command, Accenture Plc., Verizon Communications Inc. and U.S. military contractor TigerSwan.