August 2, 2016 By Larry Loeb 2 min read

SwiftKey, the popular keyboard app that was bought by Microsoft earlier in the year, posted an entry on its blog that outlined immediate changes to its cloud sync service.

Unexpected Predictions

“This week, a few of our customers noticed unexpected predictions where unfamiliar terms and, in some rare cases, emails, appeared when using their mobile phone,” the post read. “We are working quickly to resolve this inconvenience.”

SwiftKey asserted that the irregularities did not pose a security threat to its customers. As a precaution, however, the app has disabled its cloud sync service and email address predictions.

The company admitted that the app’s email address predictor could generate another customer’s email address, and other “unfamiliar predictions” could show up as well. Even if it modifies the methods for harvesting typed emails, SwiftKey still has these unfamiliar phrases coming from somewhere.

It’s good that it is “working quickly” to resolve this major inconvenience, which stops the keyboard from performing the basic function that someone would want it to do in the first place. Without it, why even have the app on your phone?

Strange Suggestions

“A few users on Reddit have noticed that it’s been offering strange suggestions — including emails they’ve never seen and foreign language terms they’ve never used,” CSO Online reported.

The source also noted that one user got a brand new language in the deal. “And now, I’m getting someone else’s German predictions,” CSO Online quoted one user, who recently rooted a Samsung Galaxy S6 phone, as writing. “I have never typed German in my entire life.”

SwiftKey and Passwords

SwiftKey has said that it doesn’t collect any password or credit card data that may be typed by users. While that seems reassuring, consider that the tool has to recognize that the user-typed string is indeed a password. Otherwise, how can it assert that it is not storing it with other user-generated string data?

Microsoft hasn’t said when the cloud syncing feature could return, but one can only hope it will be working properly when it does come back.

More from

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Ransomware attack on Rhode Island health system exposes data of hundreds of thousands

3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges system—the state’s central platform for benefits like Medicaid and SNAP—after hackers infiltrated the system on December 5, planting malicious software and threatening to release sensitive data unless a ransom is paid. Governor Dan McKee, addressing the media, called the attack…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today