Microsoft Disables SwiftKey’s Cloud Sync to Prevent Data Leaks

Microsoft recently disabled the cloud sync feature in SwiftKey after an issue resulted in user details being displayed to other people.

SwiftKey is a popular mobile keyboard application, with hundreds of millions of Android and iOS users worldwide. Microsoft announced plans to purchase SwiftKey at the beginning of this year and completed the acquisition on March 1.

The mobile software helps users improve their typing speed by providing them with predictions based on their typing habits, and also allows them to save these predictions to the cloud, so that they would be synced across devices.

Last week, SwiftKey users noticed that they were receiving different predictions on their devices, which suggested that the syncing feature wasn’t working properly. People took to Reddit to complain, and some revealed that SwiftKey was even showing predictions in a different language.

The main problem wasn’t necessarily that users couldn’t type as fast as before, but that some of these predictions included other people’s email addresses. The SwiftKey team quickly decided to turn the feature off, to prevent this from happening to other people as well.

“While this did not pose a security issue for our customers, we have turned off the cloud sync service and have updated our applications to remove email address predictions. During this time, it will not be possible to back up your SwiftKey language model,” a post on the SwiftKey blog reads.

The team maintains that the bug wasn’t a security issue. However, leaking personal details such as someone’s email address is always a security concern. In fact, the Telegraph claims that the bug resulted in one person’s email addresses, contact list, and work-related data ending up on someone else’s phone.

The SwiftKey team admitted that some of their users were served “unexpected predictions” that included “unfamiliar terms, and in some rare cases emails.” The team also said they were “working quickly to resolve this inconvenience.”

Apparently, “the vast majority of SwiftKey users are not affected by this issue,” but no specific details on how many people were actually impacted have been provided.

SecurityWeek has contacted Microsoft for additional details, but has not received a response at the time of publishing.
