G-Archiver Steals Your Gmail Password
Posted in Privacy by Dan at 1:31 pm
The nifty Gmail backup utility seems to have (possibly maliciously) collected the GMail logins of the programs users.
This was discovered when a developer named Dustin Brooks took a look at the code using a decompiler. He discovered a Gmail account name and password embedded in the source code. Brooks logged in and found over 1,700 emails all with user account information — with his own at the top. According to a story in Informationweek, he deleted the emails, changed the account password, and notified Google.
The developer of G-Archiver, says the code to collect users GMail logins was debug code that should have been stripped out of the shipping version and a patch will be available shortly.
Sneaky what some programmers are capable of.
6 Comments, Comment or Trackback
chad
F A I L
Mar 11th, 2008
Dave Zatz
This is why things like multi-IM clients scare me… they may have an archive of everyone’s credentials.
Mar 11th, 2008
ronin
You can always use open-source IM clients, that way the developers can’t hide anything from the public
Mar 11th, 2008
chad
@RONIN
I think he meant things like Meebo, where it’s a service, not a software package itself.
Mar 11th, 2008
Dave Zatz
Yah, I meant the web-based and mobile proxy IM services where they capture your credentials to log you in. And unfortunately, I don’t think Yahoo, AOL, MSN let you have different passwords for IM than from email. Risk is probably low, but it occurs to me now and then. I’d complain more, but Meebo is alerting me to an incoming message in the other tab that I must attend to… ;)
Mar 11th, 2008
Nick Dionas
what is his password?
Mar 14th, 2008
Reply to “G-Archiver Steals Your Gmail Password”