Security expert Ryan Welton, of NowSecure, claims hundreds of millions of Samsung devices are vulnerable to a pretty significant bug. And it’s not just older Samsung devices; Welton proved the exploit works on the Galaxy S6, even after Samsung claimed the flaw had been patched. The problem could potentially persist across the Korean company’s most popular phones, including the Galaxy S III, Galaxy S4, Galaxy S5, Galaxy Note 3 and Galaxy Note 4.

The issue allegedly exists in the SwiftKey keyboard that comes preinstalled on Samsung phones. Once booted up, the keyboard is said to look for a language pack update over unencrypted lines, which gives hackers the opportunity to spoof the proxy server and gain access to Samsung phones, from something as simple as contacts to banking information. Affected devices can even be tracked without the users’ knowledge.

Samsung claimed it released a patch a few months back, but it doesn’t appear everything has been fixed. And according to SwiftKey, apps available via Google Play aren’t affected by the vulnerability detailed by Welton.

However, Welton says the problem still persists. If SwiftKey comes preinstalled on your device, Welton said you’re vulnerable, even if you don’t use it as your default keyboard. It would take a pretty savvy hacker to exploit your device, which means the chances of your information getting swiped is pretty low. Even still, it’s always a good idea to be cautious when connecting to a network while out in public.