Another week, another potentially serious data breach. The emails, phone numbers, and locations of 31 million users of the Android keyboard app Ai.type have been compromised after the developer failed to secure the server on which the information was stored. Some 577 gigabytes of data is said to have been exposed, representing more than three quarters of the app's total user base.
The app's founder, Eitan Fitusi, made the rather basic error of not protecting the MongoDB database with a password, leaving it vulnerable. Thankfully, the discovery was made by security research company Kromtech Security Center, which got in touch with the owner and instructed him to correct the error before anyone with more nefarious intentions had a chance to exploit it.
I'm horrified by this data leak. Email addresses, phone numbers, and precise locations of 31 million users is bad enough, but the data also includes every user's contacts list — some 374.6 million phone numbers alone. https://t.co/rvNuPbP6Vr pic.twitter.com/AinjASnOyG
— Zack Whittaker (@zackwhittaker) December 5, 2017
As Guillem Lefait points out, this isn't the first time Ai.type has made the headlines for security reasons. Back in 2011, Artem realized that for the app's "psychic" powers to work, it needed to send every keystroke you made to its own servers. Understandably, Artem did not download the app on discovering this.
According to Bob Diachenko from Kromtech Security Center, this latest breach "raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices." It's an issue that continues to rear its ugly head at an alarming rate, with very little chance of a satisfactory resolution in the near future.