31 million client registration files associated with Ai.Type, a popular virtual keyboard application, were exposed through the company’s unsecured and unencrypted MongoDB database. Ai.Type unintentionally allowed public access to their massive data set which included sensitive customer information such as phone number, device make/model, owner’s name, location, IP addresses, internet service and cell phone providers, app lists, and associated email addresses and social media profiles. Over 6 million of the leaked files also contained data collected from users’ contact lists including names and phone numbers. Initial reports indicate that this exposure only affects Android OS users. The NJCCIC encourages members to be wary of any application that requires “Full Access” to personal devices or requires permissions beyond what is needed for the application to function. We recommend users who installed the virtual keyboard change any login credentials entered on the device using the Ai.Type virtual keyboard, as well as any other online accounts that share the same login credentials. Remain vigilant for potential social engineering schemes such as phishing or vishing that use information obtained from this incident.