
Top 3 reasons why hackers love to hack Gmail accounts

In a previous entry, I said that “I’ll be writing about why hackers are so eager to crack Gmail accounts. What’s in it for them? What do they expect to find in other people’s Gmail?” Based on my own experience and observation, the top 3 reasons that fuel such diabolical exploits are as follows:

1. Gmail is the most popular free email system. As of December 2009, 176 million users were using Gmail every month, and the number is expected to increase. Gmail has become the most important email account to have these days, very much due to its ties to various other Internet-based services, which I will explain further below. And because it is the most widely used email account, hackers find it worth their while to work on hacking the accounts. Gmail is used by almost everyone I know. Even CEOs and VIPs have their own Gmail next to their official accounts and, interestingly, they all use Gmail when conversing with people outside their daily business dealings. I believe this has something to do with the fact that all netizens have at least 2 email accounts: one for official matters (which they cannot avoid having, e.g. those working in large corporations, government etc.) and the other for everything besides work. And I’ve seen a lot of people who use identical email account names for both! This may make it easier for friends to recognize them when they email from Gmail, but at the same time they are also exposing their “official” identity. It may not mean much to us, but hackers value this kind of information very much, which brings us to the next point.

2. Gmail is widely used as a backup facility. Many regard this as an attractive feature, given that Gmail promised to keep offering space, which now stands at almost 7.5GB. That is a huge amount of storage, and accordingly people began to use Gmail to store their files, sometimes really important work files. Some email the files directly to their own Gmail. I’ve personally seen this practiced by a US-based company I used to do freelance work for. All the files I sent back to their official email addresses had to be CCed to their Gmail as well. Once I forgot to do that, and they reminded me that a CC to their Gmail is very important, as that is where they back up their files. And I was like.. what the?? Whatever happened to good old backups to external drives? Perhaps people are still using external HDDs but also find it practical to back up the same files to their Gmail. Sure, in an ideal world where all netizens are good, civilized individuals, that would be the smartest solution. Imagine having all your important files, like your CV, scanned copies of documents, photos, MS Word drafts and so forth, accessible from anywhere you can access your Gmail. But please, also try to imagine what would happen if that Gmail got hacked. Imagine you’ve been using an almost similar email identity for both your official and Gmail accounts (or even the same name?!) and someday, hackers who wish to attack you in particular manage to see the similarity between the two. Imagine the kind of files those hackers could get their hands on.

3. Gmail is tied to other popular Internet-based services. To date, Google, as the owner of Gmail, has managed to acquire and develop a number of popular Internet-based services such as Blogger (xxxxx.blogspot.com), YouTube, Google Docs, Keyhole Inc. (whose product later became Google Earth), Google Groups, AdSense, Orkut, Google Calendar and a lot more that are yet to be as popular. All these services are tied to one Google Account (except for Blogger and YouTube users who signed up before the acquisition). Of course, having a Google Account is not the same as having a Gmail account, since you can sign up for a Google Account without using Gmail. But one must remember this: once a user signs up for Gmail, it automatically becomes their Google Account, and not vice versa! What does that mean? Well, let me put it this way.. if someone somehow manages to hack into your Gmail, you might as well consider your Blogger, YouTube, Google Docs and AdSense accounts hacked as well. All these possibilities and avenues are enough to motivate any hacker to get to your Gmail first, before getting to everything else tied to that Gmail. This is a nightmare for any single sign-in system.

What can we learn from all this? Should we be using Google Accounts that are not tied to our own Gmail? Is it really practical to back up your files to Gmail? Do its benefits outweigh the possible risks? Or should we just blame Google for this single sign-in fiasco? 😛

What do you think? Share some thoughts.

Until then, safe surfing!

Categories: Awareness, Email, Gmail, Hacking
  1. Pengkritik Tetap
    June 8, 2010 at 3:33 pm

    …hmm, that's true, Pak Yaakob. Sometimes the very thing we assume makes everything easier for us (‘dumping’/using everything in Gmail) is what ends up harming us.

    But for me, Pak Yaakob, the main thing is that we should not reveal too much about who we are on the Internet. Even for the world's prominent figures such as politicians, artists, scientists and scholars (to name just a few), not all of their personal information, such as bank account numbers or mobile phone numbers, is necessarily on the Internet, whereas some Internet users in Malaysia (based on observation) readily publish their mobile phone numbers and even bank account numbers to the public. Even if they only intend to tell close friends their mobile phone number or bank account, believe it or not, whatever is published on the Internet, the public will certainly find out about it just through the Google search engine.

    …so don't be too ‘popular’ in the Google search engine, because all the information you have exposed on the Internet (intentionally or not) may well one day be used by a ‘third party’ who wants to take advantage of you…

    …thank you, Pak Yaakob, for the information provided. Send my regards to Cik Ketam and Cik Kucing, with the message, “when are you going to post an entry?”. That is all, thank you.

    • June 9, 2010 at 11:24 am

      Thank you for the very insightful comment! It really is strange sometimes to see Internet users so casually display information as confidential as bank accounts on their Facebook pages and blogs.. Sure, someone knowing the bank account number doesn't mean they know the PIN, but people can use it to track the real identity.. following on from that, all sorts of other things can happen.. many users don't care much about this recon aspect..

      As for the regards, I have already passed them on.. what happens next is up to each of them..

  2. ket@mjLnLuRus
    June 9, 2010 at 11:42 am

    Waalaikumsalam, Cik Pengkritik Tetap.. hehehe.. insyaAllah my entry will appear soon.. thank you for your support

  3. ket@mjLnLuRus
    June 9, 2010 at 11:49 am

    One more thing, don't write your phone number on toilet doors or public phone booths.. haha :p in case someone later puts it on the Internet to prank us..

  4. hacker noob
    June 11, 2010 at 3:55 pm

    gmail or ymail??? which is better? =)

    • June 11, 2010 at 11:56 pm

      thank you for your comment, hacker noob. security wise, i would say ymail since you can sort of “bind” your log-in to a particular PC and if i’m not mistaken there’s an option where you can be logged in for a certain period of time. but feature wise, i have to say that gmail is better. just be aware and pay extra attention to your gmail password.
