Virtual keyboard leaked the personal data of 31 million of its users online

ai type keyboard in the play store

Thirty-one million of ai.type customizable and personalizable on-screen keyboard Free Emoji Keyboard’s 40 million users have had their personal data leaked online.

The leak was due to the app’s developer failing to secure their database server. Ethan Fitusi, the co-founder of ai.type, did not password protect the server, which allowed anyone to access the company’s database, which held 577GB of sensitive data.

The database reportedly contained records on the app’s Android users.

Kromtech Security Center, who discovered the breach, posted details of the exposure. The data is now secured after several attempts to contact Fitusi, according to ZDNet, who also hacked the database.

The data collected included the user’s full name, email address, and a user’s precise location. For those who use the paid version of the app, the records included their device’s IMSI and IMEI numbers, smartphone make and model, as well as its screen resolution and the specific version of Android.

Some users had their phone number and the name of their cell phone provider also leaked. If the user connected to Wi-Fi while using the keyboard it also gave them access to the user’s IP address, name of their internet provider.

In some cases, a user’s public Google profile, including email addresses connected, dates of birth, genders and profile photos were included.

Even 8.6 million entries of text that had been entered using the keyboard were uncovered, including phone numbers, web search terms, email addresses and their passwords were saved on the database.

Bob Diachenko, the head of communications of Kromtech Security Center, told ZDNet that it’s logical that anyone who downloaded and installed the ai.Type keyboard had all of their personal information exposed online.

Data like this could have been used by cybercriminals and sold to the highest bidder, depending on the users of the app.

Source: ZDNet


  • Luiz Amaral ★彡

    I use swiftkey, but I block any of its connections to wifi/data, access to location, sms and storage. I like the keyboard and its prediction, only. Don’t try to spy on me.

  • Sessions99

    The dev just replied to a comment left on their Google Play app page suggesting that only a security company accessed the data, and that it contained mostly anonymous usage info with no sensitive data included. I’m sure those who installed the app would like to know who is telling the truth.