Microsoft recently disabled the cloud sync feature in SwiftKey after an issue resulted in user details being displayed to other people.
SwiftKey is a popular mobile keyboard application, with hundreds of millions of Android and iOS users worldwide. Microsoft announced plans to purchase SwiftKey at the beginning of this year and completed the acquisition on March 1.
The mobile software helps users improve their typing speed by providing them with predictions based on their typing habits, and also allows them to save these predictions to the cloud, so that they would be synced across devices.
Last week, SwiftKey users noticed that they would receive different predictions on their devices, which suggested that the syncing feature wasn’t working properly. People took it to Reddit to complain, and some revealed that SwiftKey was even showing predictions in a different language.
The main problem wasn’t necessarily that users couldn’t type as fast as before, but that some of these predictions included other people’s email addresses. The SwiftKey team quickly decided to turn the feature off, to prevent this from happening to other people as well.
“While this did not pose a security issue for our customers, we have turned off the cloud sync service and have updated our applications to remove email address predictions. During this time, it will not be possible to back up your SwiftKey language model,” a post on the SwiftKey blog reads.
According to the team, however, this bug wasn’t a security issue. However, leaking personal details such as someone’s email address always is a security concern. In fact, the Telegraph claims that the bug resulted in one person’s email addresses, contact list, and work-related data ending up in someone else’s phone following this bug.
The SwiftKey team admitted that some of their users were served “unexpected predictions” that included “unfamiliar terms, and in some rare cases emails.” The team also said they were “working quickly to resolve this inconvenience.”
Apparently, “the vast majority of SwiftKey users are not affected by this issue,” but no specific details on how many people were actually impacted has been provided.
SecurityWeek has contacted Microsoft for additional details, but has not recieved a response at the time of publishing.
Related: Microsoft to Launch New Cross-Platform MFA Mobile Apps