Slashdot Mirror

← Back to Stories (view on slashdot.org)

G-Archiver Harvesting Google Mail Passwords

Posted by kdawson on from the change-password-now dept.

Thwomp writes "It appears that a popular Gmail backup utility, G-Archiver, has been harvesting users' Gmail passwords. This was discovered when a developer named Dustin Brooks took a look at the code using a decompiler. He discovered a Gmail account name and password embedded in the source code. Brooks logged in and found over 1,700 emails all with user account information — with his own at the top. According to a story in Informationweek, he deleted the emails, changed the account password, and notified Google. The creator of G-Archiver has pulled the software, stating that it was debug code and was unintentionally left in the product."

2 of 462 comments (clear)

  1. Re:The /. crowd has no imagination by leehwtsohg · · Score: 1, Redundant

    And then you accidently don't notice all the e-mail messages with username and password that keep being sent to your account.
    Yeah, could happen to anyone.

  2. He didn't look? by Gorimek · · Score: 1, Redundant

    Assuming his story is true, it was likely just a throwaway account he created for this purpose only.

    Google could probably check when he read the mail last, if they really want to verify the story.