Cloudsweeper – Find out how much your gmail account is worth to a hacker

Take a second to think about all the data that resides in your email accounts.  Most of us don’t realize how valuable the data in those emails could be to a hacker. Emails that contain password reset links, for example, are like cash to a hacker.

Cloudsweeper is a tool created by researchers at the University of Illinois at Chicago that scans your gmail account for information that a hacker might find valuable and puts a dollar amount on it.  The researchers are studying how people use and reuse passwords.

To use Cloudsweeper, click on the Account theft audit link.

Just click the Scan Gmail Account button to continue.

If you’re not logged into your Gmail account, you will be prompted to do so at the next screen. Keep in mind you ARE giving these researchers a chance to scan your emails. If you’re uncomfortable with that, you shouldn’t use this tool.

Now Cloudsweeper will scan your account and let you know which accounts a hacker could gain access to using the information in this gmail account and how much they could potentially be sold for.

I have multiple Gmail accounts, which I use for different purposes. Here are the results for my personal account.

The gmail account I use for business was worth a bit more.

In both cases my amazon.com information alone was worth $15.

Cloudsweeper also gives you the option to either wipe those passwords away permanently or encrypt them so only you will be able to access them, even if someone gets into your account later.

Cloudsweeper will scan the email again, this time just for passwords.

Depending on the amount of mail you have, the scan can take a few minutes. The results show every email account that’s associated with some kind of potential password. Here were my results.

You can redact the emails, which erases them completely, or encrypt them. I chose to encrypt mine because I may need access to them again in the future.

I had a very large number of passwords to encrypt, so it took over an hour. When it was done, it reminded me to back up or print my text key and/or QR code, because without these I will not have access to those passwords in my email in the future.

I took the extra step of removing the access permissions in my Gmail account so Cloudsweeper would not be able to read my email again. If you would like to do the same thing, or just want to know which applications have access to your Gmail, see my post on revoking permissions in Gmail accounts.
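
A similar password audit can be run offline against a local mbox export, so no third party needs access to the mailbox. This is an added example, not Cloudsweeper's code or method: the two regex heuristics, the function names and the sample messages are assumptions constructed for illustration.

```python
import mailbox
import re
from email import message_from_binary_file, message_from_string, policy
from email.utils import parseaddr

# Heuristic patterns (assumptions for this sketch; expect some false positives).
PASSWORD_RE = re.compile(r"(?i)\bpass(?:word|code)\s*(?:is\s*[:=]?|[:=])\s*\S{4,}")
RESET_RE = re.compile(r"(?i)https?://\S*(?:reset|recover|forgot)\S*")

# Constructed sample messages so the block runs without a real mailbox.
SAMPLE = [
    "From: Shop <no-reply@shop.example>\nSubject: Welcome\n\nYour password is: hunter2-demo\n",
    "From: accounts@bank.example\nSubject: Reset\n\nClick https://bank.example/reset?token=CONSTRUCTED\n",
    "From: friend@mail.example\nSubject: Lunch\n\nSee you at noon.\n",
]


def load_mbox(path):
    """Yield parsed messages from a local mbox file without creating it."""
    factory = lambda f: message_from_binary_file(f, policy=policy.default)
    yield from mailbox.mbox(path, factory=factory, create=False)


def body_text(msg):
    """Join the text/plain parts; HTML-only mail is skipped in this sketch."""
    return "\n".join(
        p.get_content() for p in msg.walk() if p.get_content_type() == "text/plain"
    )


def audit(messages):
    """Return one finding per risky message, never echoing the secret itself."""
    findings = []
    for msg in messages:
        text = body_text(msg)
        kinds = []
        if PASSWORD_RE.search(text):
            kinds.append("plaintext-password")
        if RESET_RE.search(text):
            kinds.append("reset-link")
        if kinds:
            address = parseaddr(str(msg.get("From", "")))[1]
            service = address.rpartition("@")[2].lower()
            findings.append(
                {"service": service, "subject": str(msg.get("Subject", "")), "kinds": kinds}
            )
    return findings


if __name__ == "__main__":
    for finding in audit(message_from_string(m, policy=policy.default) for m in SAMPLE):
        print(finding)
```

To audit a real export, pass `load_mbox("path/to/export.mbox")` to `audit()` instead of the sample messages.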
