Top 3 reasons why hackers love to hack Gmail accounts
In a previous entry, I said that “I’ll be writing about why hackers are so eager to crack Gmail accounts. What’s in it for them? What do they expect to find in other people’s Gmail?” Based on my own experience and observation, the top 3 reasons that fuel such diabolical exploits are as follows:
1. Gmail is the most popular free email system. As of December 2009, 176 million users have been using Gmail every month and the number is expected to increase. Gmail has become the most important email account to have these days, and this is very much due to its tie to various other Internet-based services, which I will explain further below. And with Gmail being the most widely used email account, hackers have found that it is worth their while to work on hacking the accounts. Gmail is being used by almost all the people I know. Even CEOs and VIPs have their own Gmail, next to their official ones – and interestingly, they will all be using Gmail when conversing with others external to their daily business dealings. I believe this has something to do with the fact that all netizens have at least 2 email accounts: one for official stuff (which they cannot avoid having, e.g. those working in large corporations, government etc.) and the other for everything else besides work stuff. And I’ve seen a lot of people who have been using identical email account names for both! This may be good for helping others recognize them when they email something to friends using Gmail, but at the same time, they are also exposing their “official” identity. It may not mean much to us, but hackers will value this kind of information very much – which brings us to the next point.
2. Gmail has been widely used as a backup facility. This is regarded by many as an interesting feature, given that Gmail had promised to keep offering storage space, which now stands at almost 7.5GB. Now that is a huge amount of storage and, accordingly, people began to use Gmail to store their files – sometimes, really important work files. Some have been emailing the files directly to their own Gmail. I’ve personally seen this practiced by a US-based company I used to do freelance work with. All the files I sent back to their official email addresses had to be CCed to their Gmail. Once I forgot to do that, and they reminded me that a CC to their Gmail is very important as that is where they back up their files. And I was like.. what the?? Whatever happened to good old backup to external drives? Perhaps people are still using external HDDs, but somehow they also find it practical enough to back up the same files to their Gmail as well. Sure, in an ideal world where all netizens are good, civilized individuals, that would be the smartest solution. Imagine having all your important files like your CV, scanned copies of documents, photos, MS Word drafts and so forth, accessible from anywhere you can access your Gmail. But please, also try to imagine what would happen if that Gmail got hacked. Imagine you’ve been using an almost similar email identity for both official and Gmail accounts (or even using the same name?!) and someday, hackers who wish to particularly attack you manage to see the similarity between the two. Imagine the kind of files that those hackers can get their hands on.
3. Gmail is tied to other popular Internet-based services. To date, Google, as the owner of Gmail, has managed to acquire and develop a number of popular Internet-based services such as Blogger (xxxxx.blogspot.com), YouTube, Google Docs, Keyhole Inc. (whose product later became Google Earth), Google Groups, AdSense, Orkut, Google Calendar and a lot more that are yet to be as popular. And all these services are tied to one Google Account (except for Blogger and YouTube users who signed up before the acquisition). Of course, having a Google Account is not the same as having a Gmail account, since you can sign up for a Google Account without using your Gmail. But one must remember this: once a user signs up for Gmail, it automatically becomes their Google Account – and not vice versa! What does that mean? Well, let me put it this way.. if someone somehow managed to hack into your Gmail, you might as well consider your Blogger, YouTube, Google Docs and AdSense accounts hacked as well. All these possibilities and avenues are enough to motivate any hacker to get to your Gmail first, before getting to everything else tied to that Gmail. This is a nightmare for any single sign-in system.
What can we learn from all this? Should we be using Google Accounts that are not tied to our own Gmail? Is it really practical to back up your files to Gmail? Do its benefits outweigh the possible risks? Or should we just blame Google for this single sign-in fiasco? 😛
What do you think? Share some thoughts.
Until then, safe surfing!