Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Microsoft Disables SwiftKey’s Cloud Sync to Prevent Data Leaks

Microsoft recently disabled the cloud sync feature in SwiftKey after an issue resulted in user details being displayed to other people.

Microsoft recently disabled the cloud sync feature in SwiftKey after an issue resulted in user details being displayed to other people.

SwiftKey is a popular mobile keyboard application, with hundreds of millions of Android and iOS users worldwide. Microsoft announced plans to purchase SwiftKey at the beginning of this year and completed the acquisition on March 1.

The mobile software helps users improve their typing speed by providing them with predictions based on their typing habits, and also allows them to save these predictions to the cloud, so that they would be synced across devices.

Last week, SwiftKey users noticed that they would receive different predictions on their devices, which suggested that the syncing feature wasn’t working properly. People took it to Reddit to complain, and some revealed that SwiftKey was even showing predictions in a different language.

The main problem wasn’t necessarily that users couldn’t type as fast as before, but that some of these predictions included other people’s email addresses. The SwiftKey team quickly decided to turn the feature off, to prevent this from happening to other people as well.

“While this did not pose a security issue for our customers, we have turned off the cloud sync service and have updated our applications to remove email address predictions. During this time, it will not be possible to back up your SwiftKey language model,” a post on the SwiftKey blog reads.

According to the team, however, this bug wasn’t a security issue. However, leaking personal details such as someone’s email address always is a security concern. In fact, the Telegraph claims that the bug resulted in one person’s email addresses, contact list, and work-related data ending up in someone else’s phone following this bug.

The SwiftKey team admitted that some of their users were served “unexpected predictions” that included “unfamiliar terms, and in some rare cases emails.” The team also said they were “working quickly to resolve this inconvenience.”

Advertisement. Scroll to continue reading.

Apparently, “the vast majority of SwiftKey users are not affected by this issue,” but no specific details on how many people were actually impacted has been provided.

SecurityWeek has contacted Microsoft for additional details, but has not recieved a response at the time of publishing. 

Related: Microsoft to Launch New Cross-Platform MFA Mobile Apps

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.