ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

ai.type Data Breach

aitype.com
Major exposure
Verified breach
Accounts exposed 20,580,060
Breach date 05 Dec 2017
Added to tracker 08 Dec 2017
Data classes 15

What happened

In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance. Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.

Exposed data

Address book contacts Apps installed on devices Cellular network names Dates of birth Device information Email addresses Genders Geographic locations IMEI numbers IMSI numbers IP addresses Names Phone numbers Profile photos Social media profiles

Recommended actions

  • Watch for targeted phishing emails referencing ai.type — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP