Essentially, every website that the Grammarly user visits steals his or her authentication tokens. This allows the hacker to gain access to the user's account and all sorts of login data. Fortunately, the flaw was fixed on February 5th by the Grammarly Team - an impressive response time given the severity of the situation. An automatic update for all Grammarly users was immediately implemented.
A Grammarly spokesperson also told in an email that the company has no evidence of users being compromised by this vulnerability.
A Grammarly spokesperson admitted they had no evidence about the bug's existence but reassured users that the bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-on, or any typed text from other websites. If you are a Grammarly user, your software was automatically updated and requires no further action.
However, no matter how tight the online security of a software tool is, there are always workarounds. Someone will always find a way to bypass the security of a software tool and gain access to the user data. Any software written or supported by humans (which is most of it for the next decade at least) is subject to misconfiguration.
It's also important to consider the data your entering into Grammarly. If you're editing a note to your doctor or your financial planner, there's more risk. Writing a blog post about Grammarly doesn't carry the same risk. In fact, it's already fixed a few errors in this blog.