Categories: Security

Grammarly Has a Vulnerability You Should Know About

If you’re a big user of Grammarly, your information may have been exposed to hackers. The writing enhancement platform appears to be missing the necessary security features to keep their users information intact, although the issue is believed to have been caused by a bug. Avoid this and other bugs with dfndr security’s full virus scan feature, which checks your device for any threats, in both your phone’s memory and SD card.

Read More: Why It’s a Bad Sign If Your Apps Keep Crashing

Here’s what you should know about the “Grammarly” bug that struck millions of people.

Weakness in Top Browsers
The issue was found due to a vulnerability in the Grammarly extension for Chrome and Firefox browsers. Information of about 22 million users accounts was exposed as a result, making it easy for remote hackers to access their personal documents and records. Tavis Ormandy, security researcher with Google’s Project Zero, said the it was a high severity bug.

Ormandy said that the authentication tokens to all Grammarly websites were there for the taking easily stolen by cybercriminals remotely with four lines of JavaScript code. The company said that the vulnerability only affected Grammarly Editor, but the issue could still have very severe consequences for some users if their documents were stolen.

The Issue Was Addressed in Time
Grammarly’s outside security IT team responded to the issue swiftly, fixing the bug only three days after the issue was revealed. A number of security updates were made available for Chrome and Firefox browser extensions, which the company is automatically updating without users having to actively find the update. Adding an extension on the Chrome Web Store seems to have done the trick for Chrome users.

A Grammarly spokesperson wrote an email to their security firm, noting that there is no evidence that users personal documents and information had been stolen, nor exposed by a hacker. Ormandy noted that the company’s response time was impressive. Grammarly added that the vulnerability may affect text saved on Grammarly Editor.

Any Further Threats?
While it is likely that the security threat is gone, the company says it is actively working to monitor any new issues in order to keep users information private and secure. Luckily the bug had no effect on Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any documents created online while using the company’s browser extension.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago