What’s Your Gmail Account Worth to Hackers?

What's Hot

Do This or Your iPhone Bill May SkyrocketSave

23 Upgrades Under $50 to Make Your House Look AwesomeAround The House

Trump Worth $10 Billion Less Than If He’d Simply Invested in Index FundsBusiness

11 Places in the World Where You Can Afford to Retire in StyleMore

What You Need to Know for 2017 Obamacare EnrollmentFamily

8 Things Rich People Buy That Make Them Look DumbAround The House

32 of the Highest-Paid American SpeakersMake

Amazon Prime No Longer Pledges Free 2-Day Shipping on All ItemsMore

More Caffeine Means Less Dementia for WomenFamily

9 Tips to Ensure You’ll Have Enough to RetireFamily

5 DIY Ways to Make Your Car Smell GreatCars

30 Awesome Things to Do in RetirementCollege

5 Spots Where Retirees Can Live for Less Than $40,000Real Estate

10 Ways to Pull Together the Down Payment for a HomeCredit & Debt

10 Ways to Reduce Your Homeowner’s Insurance RatesFamily

50 Ways to Make a Fast $50 (or Lots More)Grow

A new tool can tell you how much your Google email account would go for on the black market — and how to make it less of a target.

Email is often a central link to most of our online lives.

When we forget a password, we can reset it by email. We keep records of transactions there — often full of links to our other accounts. We have contact lists and personal information.

All of this could be valuable if a hacker figured out the password. A research team at the University of Illinois at Chicago wants to demonstrate just how valuable.

They’ve built a free tool called Cloudsweeper, which can search your Gmail account for links to other accounts and find any instances where you’ve been emailed your password in plain text.

If you have the bad habit of using the same password in multiple places — and one of them happens to have emailed you that password in the body of an email at some point — a hacker could use it to gain access to any of those accounts.

I tried the scan. It found 149 possible passwords in 704 messages. Many of them weren’t things I recognized as passwords (it will block out all but the first and last characters), but a few were. Enough to scare me a bit.

I used the tool to encrypt those passwords, which took a while but means they would be unintelligible to hackers without a special gibberish password, which the site creates so I can unlock them. In the example they give, a password that would normally show in an email would instead display as something like “[wImYDaM5DBJZqgLrSYekjQ== ZmwDVbzid7+7LQ6R3uDj+xPnDt1nuxEFDJTxhKPh5T0=]”. (The code to reveal it is a similar mess.) There is also an option to permanently delete the passwords, but I figured I might need one of them eventually.

Cloudsweeper also tells me my email would be worth $28.30 on the hacker black market, and breaks down that value. Because my email is linked to my Amazon account, for instance, that’s worth $15. Apple is worth $8, and Facebook is worth $5. The researchers base the values on actual “recent underground prices” they found.

The researchers recommend users change passwords they’ve reused, especially at insecure sites that email them to you in plain text on request. They also recommend using two factor authentication, which would require a hacker to have both your phone and your email password to get in. You can enable that for your Google account here.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!


Read Next: Taco Bell Is Handing Out Free Food for World Series Stolen Bases

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,677 more deals!