The Right Click

Find out how much your email is worth to a hacker

View photo

.

(Screengrab from Cloudsweeper)

You may not think that your email account is very valuable (and really, can you put a price on cat GIFs forwarded from grandma?), but to a hacker, it can be worth a pretty penny.

A tool called Cloudsweeper will tell you exactly how much your email (Gmail, specifically) could be worth. It’s part of a project being conducted by researchers at the University of Illinois at Chicago, Geek.com reports, on how people reuse passwords, and whether their repeated use is actually something that concerns users.

The more relevant part to you is how Cloudsweeper can help you out: by authorizing the Cloudsweeper app to scan your Gmail account, it classifies your password protection into three categories of potential risk: emails with text passwords are the highest risk, followed by password reset links emailed to you, then any service (like Facebook or Twitter) that has access to your email account.

Cloudsweeper also shows a dollar amount next to certain services, showing what the going rate would be for your login information if it were to be farmed from your email, and sold on the seedy underbelly of the Internet. It doesn’t price out every service, but on my scan, it listed Facebook, Twitter, Amazon, Apple and Tumblr as all being of some value. If someone were to hack me, all they’d get is a whopping $28.60. Of course, if a hacker were to unleash a malware program that affected thousands of computers with access to Gmail accounts, he or she would be able to make quite a bit of money.

[ More Right Click: Chinese teen sells kidney to repay video game debts ]

Now, if you’re a bit squeamish letting a tool that’s all about not letting people access your account then access your account, that’s perfectly understandable. The online security blog Krebs on Security interviewed Chris Kanich, assistant professor at UIC, who explains that Cloudsweeper doesn’t keep any of your credentials, and forgets you even visited the site after 60 minutes of inactivity. All that’s kept is your anonymous data that will be included in the study, if you agree to participate (optional when you use the tool).

After you’ve run the scan, you have the option to then encrypt the messages posing a potential risk using Cloudsweeper, but you’ll need to use the tool again to decrypt them, and there’s no way of knowing how long that tool will be available. Alternatively, if you want to make sure your Gmail account is better protected, you can sign up for Google’s two-factor authentication process.

Need to know what’s hot in tech? Follow @yrightclick on Twitter!

View Comments (18)