Personal data of 31 million Android users of virtual keyboard app revealed

Security researchers at  the Kromtech Security Center have discovered a massive data breach that could affect over 31 million customers of a popular virtual keyboard app, Ai.type after an open database was found online.  

The breached database MongoDB is believed to belong to Ai.Type a Tel Aviv-based startup that offers a personalized keyboard for phones and tablets supporting  Android as well as iOS devices. 

The app has more than 40 million users across the world.

According to the researchers, the database appears to contain records of only the Android users, which include users names, phone numbers, locations and Google queries.

The head of the app company admitted the breach, but compromised data was not sensitive.

Bob Diachenko, from the Kromtech Security Centre, said: "Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?" 

"Based on the leaked database, they appear to collect everything from contacts to keystrokes," he wrote in his report.

However, Eitan Fitusi, chief executive and founder of Ai.type, said to the BBC, "It was a secondary database." 

He further added that the geo-location data was not accurate, and no IMEI information (a model number for a specific phone) had been gathered by the hackers. 

The database has now been shut down