Cloudsweeper asks: 'What is your Gmail account worth to attackers?'

By on June 27, 2013, 6:30 PM

We hear about people’s accounts being compromised all the time, and naturally make some assumptions about why an attacker would want to gain access in the first place. Now you can use a tool called Cloudsweeper to figure out just how much the data in your Gmail account might be worth.

Cloudsweeper was developed by researchers at the University of Illinois, Chicago, to help collect data for a study examining password reuse. If you use the tool, you can opt-out of sharing your results with the study should you choose to do so.

Before proceeding, Cloudsweeper will ask you to agree to an informed consent information page. As you may expect, they detail what data they are collecting, to what extent they can access your information (the tool combs through all of your email, but doesn’t have access to anything else).

What’s admirable about this consent page is the discussion they raise about the possibilities of a malicious attacker breaching the service. While unlikely, it’s nice to see an application/website acknowledging the risk inherent in any web service.

As this isn’t likely a tool that you’ll use frequently, I’d suggest revoking access to the application after you’re through with the assessment.

Upon granting Cloudsweeper access using oAuth, the tool will perform a security audit on your account, checking for plain text passwords and password reset emails. It then assigns a dollar value to certain accounts it finds in your email, calculating a total potential account worth, and suggestions for adding more security.

If you’re curious, yes, that is my account pictured above, worth $28.30. Nearly all of the value comes from Amazon, Apple, and Facebook accounts, worth 15, 8, and 5 dollars respectively. This is interesting information to look at, but the security suggestions Cloudsweeper offers are run-of-the-mill solutions: password managers and two-factor authentication.




User Comments: 9

Got something to say? Post a comment
Guest said:

Don't know if I should feel insulted or proud, mine came up as $0.00!!

Guest said:

I bet it isn't smart enough to know my steam account that is tied to it with $1000s worth of games

hahahanoobs hahahanoobs said:

I use email mainly for website registrations and bills for stuff I buy online. My spam folder gets more of a workout than my inbox.

spydercanopus spydercanopus said:

If it didn't want access to all my email, I'd try it out. Sounds like a scam to even let it check when going through the permission approvals.

trgz said:

It couldn't seem to access anything and moaned about giving it access & IMAP - seems it ain't that clever

1 person liked this | Skidmarksdeluxe Skidmarksdeluxe said:

I bet it isn't smart enough to know my steam account that is tied to it with $1000s worth of games

I don't believe you. Give me your login details and let me make my own assessment.

Skidmarksdeluxe Skidmarksdeluxe said:

If it didn't want access to all my email, I'd try it out. Sounds like a scam to even let it check when going through the permission approvals.

I couldn't agree more.

PinothyJ said:

If I had gmail I might use this...

captaincranky captaincranky, TechSpot Addict, said:

We hear about people's accounts being compromised all the time, and naturally make some assumptions about why an attacker would want to gain access in the first place. Now you can use a tool called Cloudsweeper to figure out just...
Hey, as long as I don't have to give the Cloudsweeper people my password to find out.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.