Millions caught in virtual keyboard app data breach

From BBC - December 5, 2017

Security researchers claim to have found the personal data of 31 million Android users of the keyboard app Ai.type after finding an open database online.

The app offers themed keyboards for phones and tablets.

The researchers claimed data left visible included names, phone numbers, locations and Google queries.

The boss of the Israeli company behind the app admitted the breach but said most of the data was not sensitive.

Bob Diachenko, from the Kromtech Security Centre, part of security company Mackeeper, said the amount of data required by the app at point of download was "shocking".

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?" he wrote in his report.

"Based on the leaked database, they appear to collect everything from contacts to keystrokes."


Continue reading at BBC »