Security

Grammarly Has a Vulnerability You Should Know About

If you’re a big user of Grammarly, your information may have been exposed to hackers. The writing enhancement platform appears to be missing the necessary security features to keep their users information intact, although the issue is believed to have been caused by a bug. Avoid this and other bugs with dfndr security’s full virus scan feature, which checks your device for any threats, in both your phone’s memory and SD card.

Read More: Why It’s a Bad Sign If Your Apps Keep Crashing

Here’s what you should know about the “Grammarly” bug that struck millions of people.

Weakness in Top Browsers
The issue was found due to a vulnerability in the Grammarly extension for Chrome and Firefox browsers. Information of about 22 million users accounts was exposed as a result, making it easy for remote hackers to access their personal documents and records. Tavis Ormandy, security researcher with Google’s Project Zero, said the it was a high severity bug.

Ormandy said that the authentication tokens to all Grammarly websites were there for the taking easily stolen by cybercriminals remotely with four lines of JavaScript code. The company said that the vulnerability only affected Grammarly Editor, but the issue could still have very severe consequences for some users if their documents were stolen.

The Issue Was Addressed in Time
Grammarly’s outside security IT team responded to the issue swiftly, fixing the bug only three days after the issue was revealed. A number of security updates were made available for Chrome and Firefox browser extensions, which the company is automatically updating without users having to actively find the update. Adding an extension on the Chrome Web Store seems to have done the trick for Chrome users.

A Grammarly spokesperson wrote an email to their security firm, noting that there is no evidence that users personal documents and information had been stolen, nor exposed by a hacker. Ormandy noted that the company’s response time was impressive. Grammarly added that the vulnerability may affect text saved on Grammarly Editor.

Any Further Threats?
While it is likely that the security threat is gone, the company says it is actively working to monitor any new issues in order to keep users information private and secure. Luckily the bug had no effect on Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any documents created online while using the company’s browser extension.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago