Virtual keyboard application leaves user database server unprotected; leaks personal data of 31 million Android users

While third-party keyboard applications are common to Android users, a number of users also use virtual keyboard applications. A report now reveals that a popular virtual keyboard app has apparently leaked personal data belonging to as many as 31 million users.

Representational image. Reuters

Representational image. Reuters

The server which was compromised was identified as owned by Eitan Fitusi in a report by ZDNet. Fitusi is the co-founder of AI.type, a customisable on-screen keyboard which boasts of as many as 40 million users worldwide. As per the report, the server was left unsecured without a password allowing access to the company's user database.

The compromised database consisted of what is known to be 577 GB worth sensitive data. The server contained sensitive information of all Android users of the app. Based on the information gathered by the publication, the records on the server had entries of the user's full name, email addresses, and how many days the app was installed. The records also included the user's location set by GPS, including their city and country.

ZDNet who obtained a portion of the database to verify the information collected by the servers made a few scarier revelations to the breach. Certain portions of the records were found to include the user's phone number, network provider and on occasions also their IP address and the name of their internet provider if the user was found connected to Wi-Fi.

Fitusi who acknowledged the breach has secured the server since the news went public but did not respond to any questions.


Published Date: Dec 06, 2017 04:53 pm | Updated Date: Dec 06, 2017 04:53 pm