Grammarly Has a Vulnerability You Should Know About
The popular copy editing platform has a security vulnerability that may have exposed the personal documents of approximately 22 million people.
If you’re a big user of Grammarly, your information may have been exposed to hackers. The writing enhancement platform appears to be missing the necessary security features to keep their users information intact, although the issue is believed to have been caused by a bug. Avoid this and other bugs with dfndr security’s full virus scan feature, which checks your device for any threats, in both your phone’s memory and SD card.
Read More: Why It’s a Bad Sign If Your Apps Keep Crashing
Here’s what you should know about the “Grammarly” bug that struck millions of people.
Weakness in Top Browsers
The issue was found due to a vulnerability in the Grammarly extension for Chrome and Firefox browsers. Information of about 22 million users accounts was exposed as a result, making it easy for remote hackers to access their personal documents and records. Tavis Ormandy, security researcher with Google’s Project Zero, said the it was a high severity bug.
Ormandy said that the authentication tokens to all Grammarly websites were there for the taking easily stolen by cybercriminals remotely with four lines of JavaScript code. The company said that the vulnerability only affected Grammarly Editor, but the issue could still have very severe consequences for some users if their documents were stolen.
The Issue Was Addressed in Time
Grammarly’s outside security IT team responded to the issue swiftly, fixing the bug only three days after the issue was revealed. A number of security updates were made available for Chrome and Firefox browser extensions, which the company is automatically updating without users having to actively find the update. Adding an extension on the Chrome Web Store seems to have done the trick for Chrome users.
A Grammarly spokesperson wrote an email to their security firm, noting that there is no evidence that users personal documents and information had been stolen, nor exposed by a hacker. Ormandy noted that the company’s response time was impressive. Grammarly added that the vulnerability may affect text saved on Grammarly Editor.
Any Further Threats?
While it is likely that the security threat is gone, the company says it is actively working to monitor any new issues in order to keep users information private and secure. Luckily the bug had no effect on Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any documents created online while using the company’s browser extension.