Hackers are Stealing Data via Spellcheck Software

The Chrome and Firefox grammar-checking tool known as Grammarly allowed hackers access to all 22 million of its users. ...


The Chrome and Firefox grammar-checking tool known as Grammarly allowed hackers access to all 22 million of its users.

This included access to all personal documents and records. The flaw was discovered on February 2nd - when researchers discovered that it only took 4 lines of JavaScript code to gain access to this personal information.

Essentially, every website that the Grammarly user visits steals his or her authentication tokens. This allows the hacker to gain access to the user's account and all sorts of login data. Fortunately, the flaw was fixed on February 5th by the Grammarly Team - an impressive response time given the severity of the situation. An automatic update for all Grammarly users was immediately implemented.

A Grammarly spokesperson also told in an email that the company has no evidence of users being compromised by this vulnerability.

A Grammarly spokesperson admitted they had no evidence about the bug's existence but reassured users that the bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-on, or any typed text from other websites. If you are a Grammarly user, your software was automatically updated and requires no further action.

However, no matter how tight the online security of a software tool is, there are always workarounds. Someone will always find a way to bypass the security of a software tool and gain access to the user data.  Any software written or supported by humans (which is most of it for the next decade at least) is subject to misconfiguration.

It's also important to consider the data your entering into Grammarly.  If you're editing a note to your doctor or your financial planner, there's more risk.  Writing a blog post about Grammarly doesn't carry the same risk.  In fact, it's already fixed a few errors in this blog.

Subscribe to Brent's Blog

Leave a comment below

Similar posts