Who doesn’t love Grammarly? I mean, it literally tells you when you’ve spelled anything incorrectly. Anything. And it also tells you where to put commas, and where not to put commas. But now, there might be a reason not to love Grammarly. The copyediting app has a major security hole that is leaving users exposed. Both the Chrome and Firefox browser extensions contained a “high severity bug” that was leaking authentication tokens. This was based on a bug report by Tavis Ormandy, who is a security researcher with Google’s Project Zero. What this meant was that any website a Grammarly user visited could access the user’s documents, history, logs and a ton of other data.
For real? What if you used Grammarly to write in your journal? I mean, only people who are severely “type A” would do that, but I think I’m making a valid point. Grammarly provides automated copyediting for pretty much anything that you type into your browser when the extension is enabled, including emails you might be sending. Grammarly works in the Gmail app, but interestingly enough, it doesn’t work in Google Docs. So if you are sending an email to your lawyer, using your Gmail account, it’s now exposed. That’s just one scenario of what this might mean. There are so many others that I can’t even begin to wrap my brain around.
Grammarly has approximately 22 million users, according to Ormandy, and it’s unclear whether anyone took advantage of this glaring security hole to steal users’ private writings or correspondence. Grammarly did not immediately respond to our request for comment. The good news, though, is that Grammarly is fixing the bug in the Chrome Web Store, in what Ormandy is saying is a really impressive response time.
Up until this point, I would have clearly told you to use Grammarly because it’s incredible. Ok, I’m still going to tell you to use it, but I’m annoyed at this bug. Was this something that they knew about prior to now? Or is this something that they just became aware of? Ormandy suggests that their response was incredibly fast, but we have seen a lot of security breaches lately where the company knew about the breach well in advance of notifying the public.
But we should also think about it this way. Grammarly is used within your browser so it’s going to understand a lot about what you do and how you do it. I get a weekly status report from Grammarly that tells me how I’m writing. It also tells me things like how many unique words I’ve used that week. Which is why this security hole is such a big deal. Hackers knowing how many times I use the word “whilst” doesn’t really mean anything, but it’s this whole privacy issue that comes up again and again.
Is there anything that we can do? Or is it just the time that we’re living in? Security is always going to be a factor when it comes to giving up certain information. Since we live in a digital age, I think we have to weigh the pros and cons when it comes to giving up certain information. If you’re a Grammarly user and you want to make sure you’ve received the patch already, the version numbers to look out for are: 14.826.1446 for Chrome and 8.804.1449 for Firefox.