G-Archiver Steals Your Gmail Password
Posted in Privacy by Dan at 1:31 pm
This post was published 1 year 8 months 11 days ago and its content may not be valid anymore.The nifty Gmail backup utility seems to have (possibly maliciously) collected the GMail logins of the programs users.
This was discovered when a developer named Dustin Brooks took a look at the code using a decompiler. He discovered a Gmail account name and password embedded in the source code. Brooks logged in and found over 1,700 emails all with user account information — with his own at the top. According to a story in Informationweek, he deleted the emails, changed the account password, and notified Google.
The developer of G-Archiver, says the code to collect users GMail logins was debug code that should have been stripped out of the shipping version and a patch will be available shortly.
Sneaky what some programmers are capable of.
F A I L
This is why things like multi-IM clients scare me… they may have an archive of everyone’s credentials.
You can always use open-source IM clients, that way the developers can’t hide anything from the public
@RONIN
I think he meant things like Meebo, where it’s a service, not a software package itself.
Yah, I meant the web-based and mobile proxy IM services where they capture your credentials to log you in. And unfortunately, I don’t think Yahoo, AOL, MSN let you have different passwords for IM than from email. Risk is probably low, but it occurs to me now and then. I’d complain more, but Meebo is alerting me to an incoming message in the other tab that I must attend to… ;)
what is his password?