Hackers are Stealing Data via Spellcheck Software

writing notes.jpg


The Chrome and Firefox grammar-checking tool known as Grammarly allowed hackers access to all 22 million of its users. This included access to all personal documents and records. The flaw was discovered on February 2nd - when researchers discovered that it only took 4 lines of JavaScript code to gain access to this personal information.

Essentially, every website that the Grammarly user visits steals his or her authentication tokens. This allows the hacker to gain access to the user's account and all sorts of login data. Fortunately, the flaw was fixed on February 5th by the Grammarly Team - an impressive response time given the severity of the situation. An automatic update for all Grammarly users was immediately implemented.

A Grammarly spokesperson also told in an email that the company has no evidence of users being compromised by this vulnerability.

A Grammarly spokesperson admitted they had no evidence about the bug's existence but reassured users that the bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-on, or any typed text from other websites. If you are a Grammarly user, your software was automatically updated and requires no further action.