Developer Shipped Backdoor Hack With G-Archiver for GMail

A serious Gmail account hacking backdoor, has been found in the popular Gmail archiving software G-Archiver. This application, in all its innocence, allows you to download and backup all emails from your GMail account. But apparently the developer included the code to send an email to his email ID with all usernames and passwords!

G-Archiver has posted this explanation of what happened: "It is urgent that you remove the current version of G-Archiver from your computer, and change your Gmail account password right away. What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version."

Hopefully, G-Archiver will release a new version very soon.

Link: Details at WinVistaClub.

Report a problem with article
Previous Story

Smart Install Maker 5.02

Next Story

CodeLite C/C+ IDE Rev, 1145 is released

19 Comments

Commenting is disabled on this article.

Just use gmail via pop3 on your work machine and have gmail also save a copy of your emails under all mail. Thats what I do. Plus any emails you sent also get saved under sent items on gmail.

lol, cant wait to so the list of changes for the new version..lol

1.updated blah blah
2.new somethin or other
3.removed backdoor hack

The only thing i worried about is that he said that he has asked google to delete the account. I hope that google will delete the account but also block anyone else trying to setup that google account, as im sure it will take a while for people to upgrade to a newer version without the debug code.

Accident or not, I think they're done. If you wanna archive your webmail locally, use a proper client like Outlook or Thunderbird etc., not such crap.

(GEIST said @ #5)
use a proper client like Outlook or Thunderbird etc., not such crap.

Lets get back to outlook not being crap and the HL2 source code being leaked... Oh yeh, outlook is crap, sorry

(n_K said @ #2)
Oh yeh, outlook is crap, sorry

And what is your basis for that statement, or the alternative you suggest? Outlook manages my life and business, as well as my universities communication, for us, it is definitely not crap.

Eh! i never used G Archieve

bad for those who used it for long time :P

Hope it will be fixed in the coming release
Then it'll be worth a try for me

"What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version."

Yeah right!

This is basically a non-issue since you surrender any concept of privacy when you sign up for a Google service anyway.

(C_Guy said @ #2)
This is basically a non-issue since you surrender any concept of privacy when you sign up for a Google service anyway.

You're kidding, right? And individual or a group of individuals obtaining your account username and password without your knowledge nor consent isn't anywhere near Google scanning your mail to target ads at you, which you agrre to when using Gmail.

"a member", huh? what kind of useful debug information is included in the username and password being used?
sure as hell never installing any version of this :P

(Menge said @ #1)
"a member", huh? what kind of useful debug information is included in the username and password being used?
sure as hell never installing any version of this :P

I suppose it's nice to make sure that all of the usernames and passwords are being stored correctly, but there's absolutely no need to email that data anywhere, it could just as easily be put into a text file and output with all sorts of other debugging information.