The personal information — all 577GB of it — was exposed online because the Israel-based maker of the app had failed to secure its database server, according to Kromtech Security Center, which exposed the leak.
Reports suggest that the data in question, which has been verified by ZDNet, includes full names and email addresses of Ai.type users, as well as dates showing when the cross-platform app was installed. Each record also reveals the user’s registered location, such as their city and country.
For reasons currently unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures. Around 10 million email addresses were also found, as were some 373 million phone numbers seemingly taken from the contacts of registered users’ phones, though as ZDNet pointed out, “It’s not clear for what reason the app uploaded” such data.
The app’s website insists that information input by those using Ai.type is “encrypted and private”, but it appears the database was not encrypted, with researchers claiming that at least some of the text entered on the keyboard was being recorded and stored by the startup.
The app’s creator, Eitan Fitusi, told Digital Trends that far from spying on users, any collected input data is simply “statistical information” used to help power the app’s AI prediction engine. Fitusi added that the input data is “non-personal” so it can’t be connected to a particular user or device.
It seems that users who downloaded the freemium version of Ai.type had more data exposed than those with the paid version as the free one collects more information from devices. Also, the misconfigured database seems to have contained information linked only to Android users of the app, meaning that data belonging to the app’s iOS users is unaffected. All data has now been secured by the startup, ZDNet reported.
Ai.type users will, however, be relieved to learn that no passwords or payment details were kept on the server.
Elementary error
In what appears to have been an alarmingly elementary error, the server reportedly had no password protection, opening up the data to internet users who could then browse, download, or even delete the information held on it.Ai.type uses artificial intelligence to help users type faster and more accurately. DT listed it earlier this year as a decent virtual keyboard app for emoji fans as it lets you put the colorful characters front and center in a couple of taps.
