What’s Your Gmail Account Worth to Hackers?

What's Hot


The Most Sinful City in the U.S. Is … (Hint: It’s Not Vegas)Family

How a Mexican Tariff Will Boost the Cost of 6 Common PurchasesFamily

This Free Software Brings Old Laptops Back to LifeMore

How to Protect Yourself From the ‘Can You Hear Me?’ Phone ScamFamily

Report: Walmart to Begin Selling CarsCars

Where to Sell Your Stuff for Top DollarAround The House

Is Your TV Tracking You? Here’s How to Tell — and Prevent ItAround The House

11 Staging Tips to Help You Get Top Dollar When Selling Your HomeAround The House

21 Restaurants Offering Free Food Right NowSaving Money

20 Simple Hacks to Make Your Stuff Last LongerAround The House

4 Car Insurers That Might Raise Rates Even When the Accident Wasn’t Your FaultCars

How to Invest If Trump Kills the ‘Fiduciary Rule’Grow

12 Surprising Ways to Wreck Your Credit ScoreBorrow

9 Secret Ways to Use Toothpaste That Will Make You SmileAround The House

The 2 Types of Music That Most Improve Dog BehaviorFamily

A new tool can tell you how much your Google email account would go for on the black market — and how to make it less of a target.

Email is often a central link to most of our online lives.

When we forget a password, we can reset it by email. We keep records of transactions there — often full of links to our other accounts. We have contact lists and personal information.

All of this could be valuable if a hacker figured out the password. A research team at the University of Illinois at Chicago wants to demonstrate just how valuable.

They’ve built a free tool called Cloudsweeper, which can search your Gmail account for links to other accounts and find any instances where you’ve been emailed your password in plain text.

If you have the bad habit of using the same password in multiple places — and one of them happens to have emailed you that password in the body of an email at some point — a hacker could use it to gain access to any of those accounts.

I tried the scan. It found 149 possible passwords in 704 messages. Many of them weren’t things I recognized as passwords (it will block out all but the first and last characters), but a few were. Enough to scare me a bit.

I used the tool to encrypt those passwords, which took a while but means they would be unintelligible to hackers without a special gibberish password, which the site creates so I can unlock them. In the example they give, a password that would normally show in an email would instead display as something like “[wImYDaM5DBJZqgLrSYekjQ== ZmwDVbzid7+7LQ6R3uDj+xPnDt1nuxEFDJTxhKPh5T0=]”. (The code to reveal it is a similar mess.) There is also an option to permanently delete the passwords, but I figured I might need one of them eventually.

Cloudsweeper also tells me my email would be worth $28.30 on the hacker black market, and breaks down that value. Because my email is linked to my Amazon account, for instance, that’s worth $15. Apple is worth $8, and Facebook is worth $5. The researchers base the values on actual “recent underground prices” they found.

The researchers recommend users change passwords they’ve reused, especially at insecure sites that email them to you in plain text on request. They also recommend using two factor authentication, which would require a hacker to have both your phone and your email password to get in. You can enable that for your Google account here.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!

💰🗣📰

Read Next: 21 Restaurants Offering Free Food Right Now

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,765 more deals!