It seems like this has been the year of data breaches. We've seen the monumental screw up of Equifax that exposed half of Americans' most sensitive data, DocuSign, Chipotle, and InterContinental Hotels just to name a few.
Oh, and we can't forget the revelation that Yahoo updated its massive 2013 breach, upping the victims from 1 billion people to all 3 billion of its users. It's crazy!
It's never ending and now there is a new one affecting 31 million people who use a popular keyboard app. And wait until you hear what was leaked!
Are you affected by this leak?
We're talking about the ai.type keyboard Free + Emoji. The company claims this keyboard is the "smartest, most personalized" keyboard out there for both Apple and Android. It has built-in prediction and auto-correction that learns your writing style. It all sounds great, right!?
No, they failed miserably.
What was leaked
So here is the scoop... it's really bad. The ai.type app developers left a server wide open where anyone could get in. There wasn't even a password protecting it!
In that server were usernames, locations, social media accounts, and some users' entire contact list from their phones. Let that settle in for a minute.
It's entirely possible if you installed this app, all the contents of your phone have been leaked online.
Now you might ask, "Why would a keyboard app need your location or contacts?" Well, it's a free app so the company collects this data to sell to advertisers.
Whenever there is a massive data breach, there are precautionary steps that we all must take. Here are some security suggestions:
Keep track of your money
You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when there is a massive data breach. If you see anything that seems strange, report it immediately. It's the best way to keep your financial accounts safe.
Add an extra layer of protection
Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. This is an extra layer of security that will help keep your accounts safe. Click here to learn how to set up two-factor authentication.
It adds another layer of protection against the inevitable credential reuse attacks on your other accounts.
Whenever you hear news of a data breach, it's a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well. Read this article to help you create hack-proof passwords.
Beware of other scams
Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. You need to familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.
How to control app permissions
This is a good example as to why you need to make sure you change your app permissions. Only let an app have access to what is essential. Click here to learn how!