- Total Records75,423,749
- Unique Emails6,356,322
- Unique Email Providers14,426
- Unique IP Addresses7,154,379
The ai.type Data Breach of December 2017: What Happened and What Was Exposed?
In December 2017, the popular virtual keyboard app ai.type found itself at the center of a high-profile data incident. The breach came to light when security researchers discovered that a MongoDB database used by ai.type was left unsecured and accessible to anyone on the internet, without authentication. This oversight exposed the personal information of millions of users — including more than 20 million unique email addresses, detailed address data (city, state, and country), as well as user IP addresses. With over 75 million total records involved, the incident raised serious privacy concerns for users of the customizable keyboard app, which had been downloaded by individuals around the world hoping to personalize their smartphone typing experience.
Scope and Impact of the ai.type Breach
The ai.type breach was notable not only for the volume of data left online but also for the variety of sensitive information it contained. In total, 75,423,750 records were exposed. Security researchers from The Kromtech Security Center were the first to discover this massive leak, which put at risk the privacy of millions of users. Smartphone users who installed the ai.type keyboard app and created accounts were the primary group affected by this exposure.
What Data Was Exposed?
The data exposed in the unsecured MongoDB instance included a range of personally identifiable information. Specifically, the compromised data consisted of:
- IP addresses
- City, state, and country information tied to users’ addresses
- Unique email addresses (over 20 million)
This data could have been accessed and used by malicious actors in various ways, from targeted phishing attempts to large-scale data aggregation. The scale and depth of the information revealed made this exposure stand out at the time.
Timeline of the ai.type Data Exposure
The timeline began in early December 2017, when the unsecured database was found online. Within days, researchers at The Kromtech Security Center identified the open MongoDB instance and reported on its contents. The incident quickly drew the attention of both privacy advocates and the tech community due to the popularity of ai.type and the amount of user data left vulnerable. Later that month, measures were reportedly taken to secure the database, but the data had already been potentially accessible to anyone who knew where to look.
Frequently Asked Questions
What happened in the ai.type data breach?
The ai.type data breach occurred in December 2017 when millions of user records were left exposed in an unsecured MongoDB database. Researchers discovered the breach, revealing that a wide range of personal details were accessible from the virtual keyboard app's user base.
How many users were affected in the ai.type breach?
The breach involved over 75 million exposed records, including data from more than 20 million unique email addresses. Any user who had created an account or used ai.type’s keyboard app at the time could have been affected.
What kind of data was leaked in the ai.type breach?
The breached dataset included IP addresses, city, state, and country information, as well as over 20 million unique email addresses, making it a significant leak of personally identifiable information.
Who discovered the ai.type breach?
Security researchers from The Kromtech Security Center uncovered the exposure in December 2017, bringing it to public attention and highlighting the risks of unsecured databases.
How can I check if I'm in the ai.type breach?
You can check if your information was part of the ai.type breach by utilizing the DeHashed search engine.