- Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users
When we download apps on our smartphones, most of us may not realize how much data they collect. A team of security researchers at the Kromtech Security Center has discovered a massive trove of personal data belonging to more than 31 million users of the popular virtual keyboard app AI.type, accidentally leaked online for anyone to download without requiring any password. Apparently, a misconfigured MongoDB database owned by the Tel Aviv-based startup AI.type exposed the entire 577 GB database online, including a shocking amount of sensitive detail about its users that is not even necessary for the app to work. The leaked database of over 31 million users includes: full name, phone number, and email address; device name, screen resolution, and model details; Android version, IMSI number, and IMEI number; mobile network name, country of residence, and even user-enabled languages; IP address (if available), along with GPS location (longitude/latitude); and links and information associated with social media profiles, including birth date, emails, and photos.
Cyber Security Tips: To protect yourself from such data breaches, you are strongly recommended not to download apps from untrusted sources and to check permissions while installing any application.
- MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients
If you received an e-mail that looks like it came from a trusted person, beware! A security researcher has discovered a collection of vulnerabilities in more than 30 popular e-mail client applications that could allow anyone to send spoofed e-mails that bypass anti-spoofing mechanisms. Email spoofing is an old technique, but it works well, allowing someone to modify email headers and send an email with a forged sender address to trick recipients into believing they are receiving that email from a specific person. The set of vulnerabilities, dubbed MailSploit, affects Apple Mail (macOS, iOS, and watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo Mail, ProtonMail, and others. Besides spoofing, the researcher found that some of the email clients, including Hushmail, Open Mailbox, Spark, and Airmail, are also vulnerable to cross-site scripting (XSS), which stems from the email spoofing issue.
Cyber Security Tips: Users are strongly recommended to beware of spoofed mail; before responding to any e-mail, make sure that it was received from a trusted person.