Hackers are Stealing Data via Spellcheck Software
Essentially, every website that the Grammarly user visits steals his or her authentication tokens. This allows the hacker to gain access to the user's account and all sorts of login data. Fortunately, the flaw was fixed on February 5th by the Grammarly Team - an impressive response time given the severity of the situation. An automatic update for all Grammarly users was immediately implemented.
A Grammarly spokesperson also told in an email that the company has no evidence of users being compromised by this vulnerability.
A Grammarly spokesperson admitted they had no evidence about the bug's existence but reassured users that the bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-on, or any typed text from other websites. If you are a Grammarly user, your software was automatically updated and requires no further action.