Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's SwiftKey Suspends Sync After Keyboard Leaks Strangers' Contact Details (zdnet.com)

Posted by msmash on from the security-blues dept.

Swiftkey has suspended its cloud-sync service and switched off email address predictions amid reports of Microsoft-owned keyboard app delivering suggestions for strangers' email addresses and phone numbers. ZDNet reports: The move followed reports a week ago that the app was offering up email addresses to people they've never met. According to The Telegraph, one user claimed to have been contacted by a stranger and told that their brand-new phone had suggested two of the user's email addresses, as well as contact phone numbers. Reports of the bug also cite some users receiving predictions in languages they'd never used previously. "I logged into SwiftKey with Google+ and now, I'm getting someone else's German predictions with only English (UK) pack installed. I have never typed German in my entire life," one Reddit user reported last week. SwiftKey on Friday suggested the leaked contact details are due to a glitch in this sync service, which normally backs up what the app learns about a user to SwiftKey servers and then syncs that data to the user's other devices.Microsoft acquired SwiftKey app earlier this year for an estimated sum of $250 million.

41 comments

  1. Cloud security for you! by Anonymous Coward · · Score: 5, Interesting

    It has to be said again and again...(sigh)

    Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

    The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

    And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

    My main concern isn't with the security of The Cloud, but rather with getting my team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

    1. Re:Cloud security for you! by Anonymous Coward · · Score: 0

      so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform

      Just make sure it's web-scale.

    2. Re:Cloud security for you! by Calydor · · Score: 2

      Your write-up lacks synergy.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    3. Re:Cloud security for you! by jellomizer · · Score: 1

      The issue that the "Secure" has a lot of meaning. Secure could mean you are guaranteed that you data will get from point x to y without errors or getting dropped.

      The issue isn't "Cloud Security" it is people falling for buzzards and not shopping for the best cloud option. If the company wants your business then they will need to explain how secure they are in ways that people will understand.

      Or you can be a stupid customer and get what everyone else seems to have.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re:Cloud security for you! by flyingfsck · · Score: 0

      Microsoft - the world leader in buggy software.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    5. Re:Cloud security for you! by NotInHere · · Score: 1, Informative

      Microsoft follows the best in class scheme, where their products are targeted to be best amongst all competitors. If the competitors are shit, then the product may be shit as well, but if the competitors are really good, microsoft invests lots of money until the ms product is better than those.

    6. Re:Cloud security for you! by quenda · · Score: 1

      Your write-up lacks synergy.

      Uh oh. Sounds like someone has a case of the Mondays.

    7. Re:Cloud security for you! by Nunya666 · · Score: 1

      Microsoft follows the best in class scheme, where their products are targeted to be best amongst all competitors. If the competitors are shit, then the product may be shit as well, but if the competitors are really good, microsoft invests lots of money until the ms product is better than those.

      Really? So every MS product that has good competition is better than said competition?

      How much does MS pay you for that B.S.?

    8. Re:Cloud security for you! by Hizonner · · Score: 1

      Any third party service is an extra exposure, period.

      You have to be an absolute unmitigated idiot to even think about using something that sends every fucking keystroke to a third party.

      And even if you pick the best cloud service every time, you are going to lose if you go out and make yourself dependent on 100 of these things. Not to mention the fact that they often lie and often change their security postures over time. They also love to farm out critical parts of what they do to still more cloud services, increasing your exposure still further. I especially like "I logged into SwiftKey with Google+". So you farmed out not only your goddamned keyboard, but the AUTHENTICATION for access to your keyboard.

      I just hope the inevitable collapse of all this "as a service" stuff comes sooner rather than later. Then we can go back to only having to deal with the fact that the local software is crap.

    9. Re:Cloud security for you! by fustakrakich · · Score: 1

      So every MS product that has good competition is better than said competition?

      Well yeah, if they outsell the competition, that means they're better. That's how the market works, right?

      --
      “He’s not deformed, he’s just drunk!”
    10. Re:Cloud security for you! by tehlinux · · Score: 1

      >but if the competitors are really good, microsoft invests lots of money until the ms product is better than those.

      Like with Windows Phone?!

      --
      Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
    11. Re:Cloud security for you! by Darinbob · · Score: 1

      The best part is your post was marked +5 interesting instead of +5 funny.

    12. Re:Cloud security for you! by davester666 · · Score: 1

      By "targeting to be the best", that is generally in marketing materials. As in, they go "the next version will have all the bugs fixed that are in the current version, and it will have all the features of the main competitors and a bunch of new features that are super awesome". So you better not buy the competitors product, just wait until our super-awesome thing comes out and buy it instead.

      --
      Sleep your way to a whiter smile...date a dentist!
  2. Spoiler Alert!!! by Anonymous Coward · · Score: 0

    Snape kills Dumbledore.

  3. Only APPS can app apps! by Anonymous Coward · · Score: 0, Funny

    Those LUDDITES at Microsoft removed one of the appiest apps to ever be apped, all because of a few LUDDITES worried about LUDDITE privacy.

    Apps!

  4. Send your keystrokes into the cloud, they said. by Anonymous Coward · · Score: 0

    What can go wrong, they said.

  5. Kudos To Microsoft by Anonymous Coward · · Score: 0

    It's a relief they acquired this technology to finally address these problems! You just don't get this kind of support from smaller independent companies. Now that the professionals are in charge, though, things are looking up for this technology!

    1. Re:Kudos To Microsoft by marcroelofs · · Score: 1

      Well, now that I know that it was acquired by Microsoft I immediately uninstalled it. A lot of more interesting alternatives out there.

    2. Re:Kudos To Microsoft by marcroelofs · · Score: 1

      Even assuming your comment was sarcasm, I still think it's worth investigating how this 'bug' appeared only months after the acquisition.

    3. Re:Kudos To Microsoft by EmeraldBot · · Score: 1

      Even assuming your comment was sarcasm, I still think it's worth investigating how this 'bug' appeared only months after the acquisition.

      Yeah because Microsoft decides periodically to cause mischief just because it can, in a product that it's desperately trying to groom, at a time when this issue is a very sensitive topic, in the wake of a large controversy over its star breadwinner, in regions where it could potentially face serious and sustained liability.

      Let's not kid ourselves here, this is almost certainly a "Joe updated the server side dictionary manager but Jaine is behind schedule on the client" situation.

      --
      "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    4. Re:Kudos To Microsoft by Anonymous Coward · · Score: 0

      Even assuming your comment was sarcasm, I still think it's worth investigating how this 'bug' appeared only months after the acquisition.

      Yeah because Microsoft decides periodically to cause mischief just because it can, in a product that it's desperately trying to groom, at a time when this issue is a very sensitive topic, in the wake of a large controversy over its star breadwinner, in regions where it could potentially face serious and sustained liability.

      Let's not kid ourselves here, this is almost certainly a "Joe updated the server side dictionary manager but Jaine is behind schedule on the client" situation.

      No. It's because Microsoft has a history of destroying anything it touches with its filthy paws.

  6. Non just switkey, possibly hotmail as well. by Anonymous Coward · · Score: 0

    I had a Non-IT colleague who saw a similar issue with Hotmail (who knew people still used it). He couldn't figure out why he was getting email address suggestions for people he didn't know. Wonder if this is like the Windows 10 WiFi sharing thing, buggy as heck.

  7. Boy am I glad I have a backup! by Provocateur · · Score: 1

    I guess I missed that memo

    Where do I put the sarcasm tag again?

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  8. Never typed German? by magarity · · Score: 5, Funny

    with only English (UK) pack installed. I have never typed German in my entire life

    Have you ever thanked an old veteran for that?

    1. Re:Never typed German? by Darinbob · · Score: 1

      We also defeated the British in the Revolutionary War, and we nae spake English since!

    2. Re:Never typed German? by Anonymous Coward · · Score: 0

      You should probably thank Russia for that.

  9. Thanks for the summary of what's in my other windo by raymorris · · Score: 1

    Right now I'm listening to four hours of Amazon AWS "training" (sales pitch) in other window. Their training is almost word-for-word what you posted.

  10. Bed Down With Dogs... by Anonymous Coward · · Score: 0

    ... Catch Fleas.

    And ask anybody who has used them ... Microsoft products are a b****!

  11. Let me get this straight... by bmk67 · · Score: 3, Interesting

    Microsoft paid a quarter of a billion dollars for that?

    W.C. Fields was right.

    1. Re:Let me get this straight... by stephanruby · · Score: 2

      Microsoft paid a quarter of a billion dollars for that? W.C. Fields was right.

      Don't blame Swiftkey.

      Blame Microsoft for ruining a service, that was working perfectly well before the acquisition.

    2. Re:Let me get this straight... by Anonymous Coward · · Score: 1

      They get to vacuum up every single word, password, phone number, email address, etc. typed in by millions of users, store it all in the cloud, correlate it and crunch it for who-knows-what purposes. $250M is cheap. It was probably paid for with American tax money, anyway; the plebs would have been too suspicious if NSA had bought SwiftKey outright.

    3. Re:Let me get this straight... by Darinbob · · Score: 3, Insightful

      Lemme get this straight... People want their keyboard app synced with the cloud?

    4. Re: Let me get this straight... by Anonymous Coward · · Score: 0

      "There's a sucker born every minute."

      Don't you mean P.T. Barnum?

      https://en.m.wikipedia.org/wiki/There%27s_a_sucker_born_every_minute

    5. Re:Let me get this straight... by Anonymous Coward · · Score: 0

      For some people, it is convenient to have their custom dictionaries on all their systems.
      Other people think it may be a bad idea to have a keyboard logger installed.

  12. Re:Thanks for the summary of what's in my other wi by fustakrakich · · Score: 1

    Don't look now, but the guy who posted that is sitting at the same table you are.

    --
    “He’s not deformed, he’s just drunk!”
  13. Yep... by EmeraldBot · · Score: 4, Interesting

    The scary part is that I had both the cloud sharing and the custom dictionary disabled, and yet I got suggestions too. It should have been impossible to receive these suggestions even if there was a bug in either or both sides, which tells me the "disable" option isn't really disabling anything. Looks like it's time to find a new keyboard... (and yes, I'm actually serious)

    --
    "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    1. Re:Yep... by chasm22 · · Score: 1

      Not sure if it matters but I never signed up for an account. And I don't have any options to enable /disable the cloud sync and/or enable/disable a personalized dictionary.

      I was wondering if you opened an account? I double checked by opening settings/account and got nothing but an invite. One of the linked articles implied that having an account was needed for this bug to be enabled.

      If it isn't, I'll probably keep SwiftKey. However if they're leaking data from everyone or just at random , I'll be joining you in looking for another keyboard.

  14. He better get out of my house by raymorris · · Score: 1

    If that's the case, he better gtfo of my house. :)

  15. Possibly neural network going haywire by Anonymous Coward · · Score: 0

    I would imagine they have this thing plugged into a neural network for predictive analysis. Perhaps some nodes that weren't supposed to talk started talking and exchanging data. This is also coincidently how humanity will all die eventually.

  16. That explains it by p51d007 · · Score: 0

    This morning, I tried typing my email address, usually the first 2 letters and the rest pops up, but it didn't today.

  17. Microsoft Danger, anyone? by Mondor · · Score: 1

    Remember what happened when Microsoft acquired service called "Danger"? It could be worse.

    https://en.wikipedia.org/wiki/...