
The data of 31 million users of the ai.type keyboard may have been leaked

If you've ever used ai.type — an iPhone and Android add-on keyboard that supposedly learns your writing style — we've got some not-so-great news for you. According to the Kromtech Security Center (which you may recognize as the developer of the widely disliked MacKeeper suite of programs), the MongoDB database used to collect data from the keyboard's users was "misconfigured," and was publicly exposing the data and details of 31,293,959 users online. Researchers claim that this data included things like phone numbers, full names, emails, social media profiles, IP addresses, and exact location coordinates.

What's more, this data breach wasn't limited to direct users of the keyboard — Kromtech reported that over 6.4 million of the records contained data from ai.type users' contact lists, including all of their names and phone numbers. Overall, more than 373 million records taken from users' phones were exposed.

Kromtech's Head of Communications Bob Diachenko commented on the seriousness of the situation in a statement:

"It is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online. This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user. It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices."

In spite of Kromtech's report, ai.type claims that the information contained in the database differed from what Kromtech described, though the company didn't deny that data had been publicly exposed online for a short period of time. In a conversation with the BBC, founder and CEO of ai.type Eitan Fitusi assured users that the data made public did not contain sensitive information, and that the geo-location data of users of the keyboard was not accurate. Regardless, the MongoDB database has since been shut down as a result of Kromtech's research.

Thoughts? Questions?

Are you a user of ai.type? If so, what do you think about Kromtech's supposed findings? Share your thoughts with us in the comments.

Tory Foulk is a writer at Mobile Nations. She lives at the intersection of technology and sorcery and enjoys radio, bees, and houses in small towns. When she isn't working on articles, you'll likely find her listening to her favorite podcasts in a carefully curated blanket nest. You can follow her on Twitter at @tsfoulk.

4 Comments
  • I'm sick of hearing about MongoDB in articles about security issues resulting from misconfigurations. It's too open out of the box in default settings, but the company always blames the user. I actually tried to find documentation on how to properly configure MongoDB and it leads to a general information page. They don't take security seriously.
  • Well, people were screaming at Apple for third party keyboard support. Okay, you got it, security be damned.
  • Only "good" news is that Apple doesn't allow 3rd party keyboards to enter password fields. That mitigates some of the damage. (By the way, this is why I don't use Grammarly.)
  • Technically Apple hasn't really lost any security by allowing custom keyboards. All custom keyboards have "full access" disabled by default, which prevents the keyboards from sending any data to a server (e.g. what you've typed). The user must enable full access themselves to bypass the security measure, which also presents a suitable warning to the user.