As detailed in a new report from ZDNet, personal data from over 31 million users of the popular AI.type customizable keyboard has been leaked to the public. The report explains that the data wasn’t protected with a password, making it easily accessible to employees…
AI.type co-founder Eitan Fitusi says the company has secured the database since revelation of the leak, but hasn’t yet commented on the issue. While the app is available for both iOS and Android, the leaked data seems to relate only to Android users.
Each of the leaked records includes names, email addresses, and the precise location of users, including city and country data. Some of the records, however, are far more significant and include phone numbers and IP addresses. In some cases, there’s even specific details from the user’s Google profile, including birth dates, genders, and profile pictures.
It doesn’t stop there as the app also seemingly had access to a user’s contacts. One of the leaked database tables includes 10.7 million email addresses from contact data. Another tablet contains 374.6 million phone numbers. ZDNet explains that it’s unclear why AI.type had access to and uploaded contact information:
We also found several tables of contact data uploaded from a user’s phone. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. It’s not clear for what reason the app uploaded email addresses and phone numbers of contacts on users’ phones.
Google often warns users of the security risks that come with the use of a third-party keyboard, but AI.type touts on its website that user privacy is its “main concern” and that any entered text “stays encrypted and private.” Furthermore, AI.type says it will “never share or learn data from password fields.”
ZDNet’s report found, however, that the company had collected more than 8.6 million text entries collected from the keyboard, including phone numbers, web search terms, and concatenated emails and passwords.
While AI.type says the database has since been secured, the report is still incredibly damning, specifically relating to the app’s collection of seemingly critical information. Read more at ZDNet.
FTC: We use income earning auto affiliate links. More.