Open “Window” For Personal Data Theft

Another day has come, the sun has risen once more and… the hackers have found once again a new...

· 1 min read >

Another day has come, the sun has risen once more and… the hackers have found once again a new way to snick up to your personal data and files… It seems as this perpetual game will keep on going forever and ever as it is a rather clever and efficient way to snick through other peoples personal data (photos, files, and other personal stuff…) or even get hired as a future computer programmer by big and important companies of the web field.

The latter should come as of no surprise since many hackers through the years have acquired important jobs just by proving how clever geeks and nerds can be, by interrupting your daily routine and peace of mind with a new and inventive way. Sometimes by creating Trojan horses, malware and generally malign software that make your screen freeze, others by causing a restart or shutdown loop and cute things like that…

This particular time, a critical flaw in both Chrome’s and Firefox’s Grammarly spell checker could potentially allow attackers to steal your personal data. This is caused by exposing your personal information to any site you enter since it does not only do a grammar check but also goes beyond a normal spell checker by assessing your sentence structure and word usage. Tavis Ormandy, who is working in Google as a computer security white hat hacker and part of the Project Zero team, has discovered the “hole” in the Grammarly spell checker on February 2nd.

Reportedly the Chrome and Firefox extensions exposed authentication tokens to every website that can be captured by malicious users with just 4 lines of JavaScript code. Therefore any website a Grammarly spell checker user visits, can steal his authentication tokens and then access the user’s account and all of his history, logs and data without authorization.

Fortunately, the hole has been discovered on Friday and on early Monday morning the Grammarly spell checker team has applied a fix which according to the researcher was “a very impressive response time”! Security updates are now available for both Chrome and Firefox browser extensions and they should be applied automatically with no further concern to the approximately 22 million users. The team is actively monitoring activity and declares ready for any oncoming threats. It seems that the sun will keep rising up the next days but not without “some” casualties…

Written by
TheTechVerse is a blog for ultimate security, hacking, hardware, software, gaming leaks, articles, news and reviews on AMD, Intel, Nvidia, Xbox, PlayStation, Android, iOS & more. Profile
SSL Labs Rating Woes

SSL Labs Rating Woes

Ian Carnaghan in Coding, Cybersecurity
  ·   1 min read

Leave a Reply

Notify of