Thirty-one million of ai.type customizable and personalizable on-screen keyboard Free Emoji Keyboard’s 40 million users have had their personal data leaked online.
The leak was due to the app’s developer failing to secure their database server. Ethan Fitusi, the co-founder of ai.type, did not password protect the server, which allowed anyone to access the company’s database, which held 577GB of sensitive data.
The database reportedly contained records on the app’s Android users.
Kromtech Security Center, who discovered the breach, posted details of the exposure. The data is now secured after several attempts to contact Fitusi, according to ZDNet, who also hacked the database.
The data collected included the user’s full name, email address, and a user’s precise location. For those who use the paid version of the app, the records included their device’s IMSI and IMEI numbers, smartphone make and model, as well as its screen resolution and the specific version of Android.
Some users had their phone number and the name of their cell phone provider also leaked. If the user connected to Wi-Fi while using the keyboard it also gave them access to the user’s IP address, name of their internet provider.
In some cases, a user’s public Google profile, including email addresses connected, dates of birth, genders and profile photos were included.
Even 8.6 million entries of text that had been entered using the keyboard were uncovered, including phone numbers, web search terms, email addresses and their passwords were saved on the database.
Bob Diachenko, the head of communications of Kromtech Security Center, told ZDNet that it’s logical that anyone who downloaded and installed the ai.Type keyboard had all of their personal information exposed online.
Data like this could have been used by cybercriminals and sold to the highest bidder, depending on the users of the app.