Monday, March 10, 2008

G-Archiver Scam?

Coding Horror reports that Gmail backup software G-Archiver emails the user name and password of users to the apparent creator, John Terry. Dustin Brooks, who reverse-engineered the software and found the creator’s user name and password, was shocked to see 1,777 such messages with user credentials when logging in to John’s account. He then went ahead and deleted all these messages, changed John’s password, and contacted Google support.

Coding Horror’s Jeff Attwood comments, “it’s difficult to imagine any scenario where this isn’t a completely malicious violation of people’s trust.” If these reports are true, it’s another lesson that in general it’s bad advice to provide your Google account credentials to any other place than google.com as seen in your browser address bar – not in desktop apps, not on other domains, not on new windows popping up claiming to be google.com etc.

[Hat tip to Devdatta and Waxy!]

G-Archiver Scam? by Philipp Lenssen | Comments (22)

>> More posts

Advertisement