Site icon Liquidmatrix Security Digest

G-Archiver Swipes Gmail Logins

Yet another example that you always have to be on your guard.

From Information Week:

On Friday, Coding Horror, a popular blog run by programmer Jeff Atwood, published allegations that a Windows shareware application for archiving Gmail messages called G-Archiver steals users’ Gmail login details.

The allegations were made by Dustin Brooks, a .Net programmer with a database management company based in the Midwest.

In a phone interview, Brooks confirmed that he had used a programming analysis tool called Reflector to review the application’s source code and found that the program’s author had hard-coded the e-mail address jterry79@gmail.com into the code, along with the password to the account.

As Brooks explained in an e-mail to Atwood, “Having just entered my own information I became concerned. I opened up a browser and logged in to Gmail using his account information. It still worked. Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine.”

Craptacular.

Article Link

[tags]Gmail Passwords, G-Archiver, Thieving G-Archiver App[/tags]

Exit mobile version