Beware of G-Archiver - gHacks Tech News

What would you do if you had purchased a software program that would archive your Gmail mails and found out that the software sends your username and password to the Gmail account of the author of the software? That's apparently what has happened to users who purchased the program G-Archiver by John Terry.

Dustin Brooks reverse engineered the program and discovered the plaintext username and password of the software developer. He wondered why someone would put his own mail information in the source code, and discovered that it was being used to send the username and password of the G-Archiver user to the author's own email account.

With the login credentials at hand, he decided to investigate further and logged into the Gmail account of John Terry only to find out that the Inbox had 1777 messages each containing usernames and passwords of users of the software.
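A static triage check related to the finding described above, as an added example that is not part of the original article and is not G-Archiver's code: it pulls ASCII and UTF-16LE strings out of a program file and flags the file for review when it embeds both an e-mail address and a mail-server host name. The regular expressions, function names and sample bytes (built on `example.test` placeholders) are assumptions made for illustration.

```python
from __future__ import annotations
import re

# Printable runs of 6+ characters, stored as ASCII or as UTF-16LE
# (Windows programs commonly keep string literals in either encoding).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Heuristic (assumption): host names that start with a typical mail label.
MAIL_HOST = re.compile(r"\b(?:smtp|mail|mx)\d*\.[A-Za-z0-9.-]+\.[A-Za-z]{2,}", re.I)

# Constructed samples, not real program bytes.
SUSPECT = (b"\x4d\x5a\x90\x00" + b"smtp.example.test\x00\x19\x02"
           + "collector@example.test".encode("utf-16-le") + b"\x00\x00\xff")
CLEAN = (b"\x4d\x5a\x90\x00" + b"Select a folder to archive\x00"
         + b"https://www.example.test/help\x00")


def extract_strings(blob: bytes) -> list[str]:
    """Return printable strings found in a binary, in both encodings."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    return found


def mail_indicators(blob: bytes) -> dict[str, list[str]]:
    """Collect embedded e-mail addresses and mail-server host names."""
    emails, hosts = set(), set()
    for s in extract_strings(blob):
        emails.update(EMAIL.findall(s))
        hosts.update(h.lower() for h in MAIL_HOST.findall(s))
    return {"emails": sorted(emails), "mail_hosts": sorted(hosts)}


def needs_review(blob: bytes) -> bool:
    """True when the file embeds both an address and a mail server,
    i.e. it carries what it needs to send mail somewhere on its own."""
    hits = mail_indicators(blob)
    return bool(hits["emails"] and hits["mail_hosts"])


if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(name, needs_review(blob), mail_indicators(blob))
```

A hit is a reason to look closer, not proof of theft: many legitimate programs embed a support address, so what matters is where the flagged strings are used.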

If you have been using G-Archiver make sure you change your password immediately and report the incident to the online store where you made the purchase. It is also a good idea to contact Google because they can then lock the account so that emails cannot be accessed anymore, reset user passwords of affected accounts, and even use legal means to track down the author of the program.

The main problem here is that users trusted the author and the promises he made about the program. Just a little bit of research would have led to other, safer options, such as integrating Gmail into a local email client such as Microsoft Outlook or Mozilla Thunderbird.

The effect would be the same but without any trust issues as both programs that I have mentioned in the last paragraph are developed by legitimate companies and organizations.

Probably the best alternative that you have right now to back up all your Gmail emails is Mailstore Home. It is regularly updated and supports Gmail out of the box. While you still need to supply your account credentials to make this work, you do not have to worry about handing over your data to a third party that abuses your trust.

Comments

  1. WCS.Tony said on March 11, 2008 at 3:55 pm

    Why use anything like this?
    Just use Outlook Express (that comes free with Windows), Outlook, Mozilla … any POP3 email client!
    Just change the setting to leave the email on the server (if you so wish). Then run the mail client to download and store all emails on your PC. If you prefer to use the web-based email client just run the mail client once a week.

    Once downloaded the resulting mail files can even be archived to DVD or another drive.

  2. Daniel said on March 11, 2008 at 4:49 pm

    Yes, I don’t understand either. You can use Thunderbird as well, free anywhere, or MailStore which was reviewed here as well.

    I hope the guy gets caught, I really hate people like this.

  3. Dante said on March 11, 2008 at 5:57 pm

    To WCS.Tony: now that would be the LOGICAL way of doing things. Nobody ever claims the general public to be Logical :)

    I personally use Yahoo premium mail for US$20 per year. It lets me easily zip and archive all my files. And with unlimited storage, I find it easier to load my software up there for retrieval at client sites should I need it. Sometimes I forget my USB stick.

  4. mattia said on March 11, 2008 at 6:05 pm

    I really hope that Dustin deleted all the email L/P and changed the password of the fraud account. This way this “John” won’t be able to get the info even before gmail blocks his account! :P

  5. Max said on March 11, 2008 at 7:11 pm

    http://www.garchiver.com/what-happened.htm

    They say that the stealing of user emails and passwords was unintentional because a programmer forgot to remove that chunk of code from the release version. I don’t know how many people are going to trust this program now though.

  6. zzzZZZzzz said on March 11, 2008 at 10:02 pm

    Yeah, all that is just to debug the code :)

  7. Brent said on March 12, 2008 at 9:07 am

    Malicious? Probably not. Just a debugging process.

    The biggest security threat now is that people have released how to get into jterry’s email account… Hopefully he’s changed that pass though.

  8. uhoh said on March 12, 2008 at 1:35 pm

    lol

    What happened with G-Archiver?

    It has come to our attention that a flaw in the coding of G-Archiver may have revealed customer’s Gmail account usernames and passwords.

    It is urgent that you remove the current version of G-Archiver from your computer, and change your Gmail account password right away.

    What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version.

    We sincerely apologize and assure you that this coding mishap was in no way intentional.

    We’ll be releasing a new version that corrects the flaw in version 1.0. The new version will be available very soon.

  9. jas said on March 14, 2008 at 6:48 am

    Oh!! debugging code, and that was why it was collecting everyone’s email/pass!

    makes perfect sense!

    not a trojan _at_ _all_

  10. David said on March 14, 2008 at 7:02 am

    ….debug code? Bull, if that’s all it was the code would have been pulled already and the program would be compiled and back up.

    This was more than just debug code.

  11. Lo said on March 15, 2008 at 12:01 am

    tell me more

  12. Rich said on March 15, 2008 at 8:49 am

    You don’t go into a hardware store and purchase ‘a hardware’ so why do you think you would purchase ‘a software’? You purchase ‘software’, ‘some software’, or even ‘a software program’, but not ‘a software’. That’s just noobish.

  13. jcorvus said on March 16, 2008 at 12:07 am

    Pity you don’t check your English before you publish to the World…

  14. Bull3t said on March 16, 2008 at 7:05 pm

    Rich and jcorvus: It is a pity that you like to pick holes in other people’s writing. Especially when you use words like “noobish” yourself. Nicely done.

    There is absolutely no need to take a dig at the post author for simple mistakes.

  15. Chuck Tomasi said on March 22, 2008 at 2:50 pm

    I’m with Mattia. I would have changed John Terry’s password and thrown a monkey wrench in his operation. Some people!

    –Chuck Tomasi
    –Host and producer of Technorama, Gmail Podcast, Freestyle, and Radio Yesterday

  16. ma65p said on March 30, 2008 at 4:33 am

    For those of you who do not know what G-archive is, it archives your documents and then sends them to your Gmail account via email. This way, you can utilize storage space provided by Gmail. G-archive is NOT an EMAIL CLIENT.

    Ok, here is my opinion. I really like the idea (great idea), I used this software once, but Gmail had only several GB of storage (and still counting). Since I bought a new external hard drive, I just stopped using G-archive. Also, I don’t use Gmail, I like yahoo mail better. POP3 is great, but still, what is the chance all yahoo servers crash and I lose all emails in my account? Not in my lifetime, I don’t think.

    And, I have to say this every time I post something, please excuse my English.

    Thanks, and sucks for G-archive, no matter what, it was still a great idea.

    I do kind of trust them about the debugging code excuse. Say, if itune store put a code to collect my visa card info, I wouldn’t know either. The thing is that G-archive got caught, and the creator STORED his clients’ email user and pass. He’s in deep trouble. I hope he doesn’t get sued.

    Crap, I need to stop, well, buy an external hard drive, then no more G-archive.

  17. mr poo said on April 3, 2008 at 9:31 am

    I especially like how people were actually stupid enough to pay for this rubbish. Even if it wasn’t a Trojan it’s still a pointless idea. Gmail gives you so much space that it’s going to be a long time before you run out anyway. At which point you can probably just delete most of the emails and print the really important ones. Why bother hoarding all your old emails from years ago? Seriously just let it go.

    And their excuse is pure crap. Yeah, the developer added code to send himself everyone’s password “by mistake” to “debug” the software. That makes perfect sense.

    “Say, if itune store put a code to collect my visa card info, I wouldn’t know either. The thing is that G-archive got caught”

    So you’re saying it’s ok for them to steal your personal information as long as they don’t get caught?

  18. ma65p said on April 3, 2008 at 11:26 am

    A response to mr poo,

    Ok, G-archive is not an email client; it does not download and back up your emails. IT BACKUPS YOUR DATA ON GMAIL. So, with G-archive, Gmail is not simply an email account but also a storage space. I think you did not know the true function of G-archive, a bit of researching and reading will help.

    Secondly, people are not stupid. Most of us do things for a reason. You are right, why save all emails? But G-archive is not meant for that, so your statements do not apply. And you are right again, Gmail got plenty of space for emails and with G-archive, we can shove more documents in there to utilize all the space provided. G-archive was built based on such a simple but innovative idea. And people would like to use everything that they are provided with. Stupid people don’t do that.

    One more thing, do you think that printing an email kind of defeats the purpose of having an email? Think about it. They are meant to be digital.

    Finally, I am not saying it’s ok to steal personal information. My point is that when a product is found to be malicious, we all laugh at those who use the product (and we do not have any background knowledge about the product and what it’s for or why people bought them). The lesson is not “Trojan is ok” but it’s more important to learn that any software you trust can be harmful. And don’t call people stupid because you can be one someday.

    Having said that, I won’t call you stupid, but next time, make sure you know what you are talking about before criticizing it. Again, G-archive is not an email client.

    Enough said

    Oh, by the way, I hate Gmail. But I have it for my spam storage (^.^)

  19. mr poo said on April 3, 2008 at 3:40 pm

    ma65p:

    I never said it was an email client, I said it’s for backing up emails and the reason I say this is because it’s written multiple times on the G-archive site itself:

    “G-Archiver is your one click Gmail backup solution. Backup Gmail email messages to your computer using G-Archiver. Never lose another message – backup Gmail messages and you’ll have a stored copy on your computer in the event of Gmail data loss incidents.”

    The first 3 sentences from the description on the front page all say that G-archiver is used to copy messages from Gmail’s storage to your own hard drive. But if you don’t believe that, just look at the screenshots: http://www.garchiver.com/screenshots.htm

    They clearly show NO WAY to copy files from your hard drive to Gmail. They do show a way to download email off of Gmail and onto your hard drive.

    Don’t take this the wrong way, but a bit of researching and reading on your part would help. I am aware of programs that copy files to gmail, but this is not one of them. Perhaps you’re thinking about something else.

  20. mr poo said on April 3, 2008 at 3:45 pm

    Also they market their entire product on the basis that Gmail will someday fail and lose all your emails. So they’re either lying or seriously underestimating Google.

    You don’t think a company with more computing power than any other on the planet would have a few backups of their own?

  21. The Baldchemist said on December 3, 2008 at 12:39 pm

    Hello.
    The word you needed to use is sent with a t not send.
    Sorry but as you used it twice I thought it polite to point it out.
    Cheers.
