Sensitive Data of 31 Million Users Exposed by Developers of Popular Virtual Keyboard App
A popular virtual keyboard has reportedly compromised private data from 31 million users.
Another massive personal information leak was recently revealed by Kromtech Security Center. According to the cyber security firm, data belonging to 31,293,959 users were found online and could be accessed by the public because of a "misconfigured MongoDB database."
Kromtech added that the faulty database was owned by the Israeli developer Ai.Type, a startup known for offering personalized keyboards for mobile devices running on Android and iOS.
The security firm also noted that the release of the users' details -- which amount to 577 GB worth of files -- happened by accident. Unfortunately, the error in Ai.Type's MongoDB database enabled anyone with access to the internet to view or download the leaked data.
Kromtech further explained that the use of MongoDB for remote data storage was common, but that "a simple misconfiguration" could lead to a massive leak such as the one that happened with Ai.Type.
According to the report, the compromised data included very sensitive information about Ai.Type's users, such as their full names, phone numbers, and the kind of mobile device they had. Kromtech added that very specific details about users' smartphones were also included in the leaked data.
More than 31 million people who installed the Ai.Type virtual keyboard reportedly had their mobile network name, SMS number, screen resolution, user languages enabled, Android version and other pieces of information in the database.
The leak also included very specific and sensitive details like the device's International Mobile Subscriber Identity and unique IMEI numbers, the email linked to the smartphone, as well as information on users' social media accounts, location data, and even photos.
In light of the multi-million-user information leak, Kromtech's Bob Diachenko commented: "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user. It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices."