Security researchers have discovered a massive collection of personal data belonging to more than 31 million users of the popular virtual keyboard app, AI.type, after the information was accidentally leaked online. It is possible for anyone to download the sensitive data without requiring a password. A misconfigured MongoDB database is thought to have been the reason for the exposure of AI.type’s entire 577 GB database
Full Story Here: https://thehackernews.com/2017/12/keyboard-data-breach.html
Commenting on the news is Javvad Malik, security advocate at AlienVault, who said:
It is concerning that a keyboard app is collecting excessive data from users which isn’t needed for its operation. Unfortunately, many companies will opt to gather as much data as possible from its users that can be analysed or sold onto third parties.
The fact that this breach occurred via a misconfigured MongoDB database is not all that surprising. We’ve seen a rise in incidents where data is breached from misconfigured services, of which Amazon S3 buckets are amongst the most common.
It highlights the importance of companies to have cloud security expertise, and the right cloud monitoring tools in order to gain assurance that misconfigurations and security vulnerabilities aren’t left in the environment.