Thieving Third-Party Gmail App Highlights Google Security Worries - InformationWeek
Software // Enterprise Applications
07:16 PM
Connect Directly

Thieving Third-Party Gmail App Highlights Google Security Worries

A .Net programmer finds G-Archiver steals users' Gmail login details, adding to a growing number of security incidents.

Like Microsoft before it, Google's dominance has made it a target for cyber criminals.

Security has always been an issue for Google, as it is with any online company, but only in the past two years has Google ramped up its public outreach efforts to communicate its commitment to security.

The proliferation of malware, spam, phishing, and related ills could seriously hinder Google's growth if it continues unchecked.

The problem Google faces is that its efforts to reassure its users risk being drowned out by the drumbeat of security incidents affecting Google properties.

On Friday, Coding Horror, a popular blog run by programmer Jeff Atwood, published allegations that a Windows shareware application for archiving Gmail messages called G-Archiver steals users' Gmail login details.

The allegations were made by Dustin Brooks, a .Net programmer with a database management company based in the Midwest.

In a phone interview, Brooks confirmed that he had used a programming analysis tool called Reflector to review the application's source code and found that the program's author had hard-coded the e-mail address into the code, along with the password to the account.

As Brooks explained in an e-mail to Atwood, "Having just entered my own information I became concerned. I opened up a browser and logged in to Gmail using his account information. It still worked. Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine."

Brooks said he then deleted the presumably stolen account information, changed the password on the account, and notified Google.

The company that distributes G-Archiver, MateMedia, did not respond to a request for comment. "John Terry," the purported author of the software could not be reached for comment.

In an e-mailed statement, Google said it was aware of the program but was not responsible for it. "Google is aware of claims that a third-party tool called G-Archiver, which is purported to store Gmail on a user's hard drive, was actually gathering e-mail addresses and passwords of anyone who used the application," a company spokesperson said. "G-Archiver required users to download software and enter their personal information to use the application."

"G-Archiver is not and has never been a Google product," Google's statement continues. "We are investigating this incident, the underlying activities of which violate Gmail Program Policies. We have suspended the suspect account, and are in the process of notifying the owners of those accounts whose passwords may have been compromised. It's unfortunate that fraudsters continue to use email for these purposes. We have phishing detection capabilities built into Gmail, so we were able to act quickly to limit the impact of this particular attack."

The statement also includes reminders that Google offers industrial strength security measures like SAML that allow for multi-factor authentication and that Gmail comes with anti-phishing protection.

In and of itself, the G-Archiver incident merely reflects the risks of using software from an unknown source.

But Google has had plenty of such issues to deal with recently. It has become a source of hacker information, through automated Google scanning tools like Goolag Scanner and the Google Hacking Database Tool. Last week, there was a porn outbreak in Google Groups. In December, Google had to stomp out a worm spreading on its Orkut social networking site and deal with Trojan.Qhost.WU, Trojan software that replaces Google AdSense text ads with potentially malicious ads from a different provider. In November, Google conducted a significant purge of its search index to get rid of malicious Web pages that had been artificially promoted to prominence by spammers.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll