We hear about people’s accounts being compromised all the time, and naturally make some assumptions about why an attacker would want to gain access in the first place. Now you can use a tool called Cloudsweeper to figure out just how much the data in your Gmail account might be worth.
Cloudsweeper was developed by researchers at the University of Illinois, Chicago, to help collect data for a study examining password reuse. If you use the tool, you can opt out of sharing your results with the study.
Before proceeding, Cloudsweeper will ask you to agree to an informed consent page. As you may expect, it details what data the researchers are collecting and to what extent they can access your information (the tool combs through all of your email, but doesn’t have access to anything else).
What’s admirable about this consent page is the discussion they raise about the possibilities of a malicious attacker breaching the service. While unlikely, it’s nice to see an application/website acknowledging the risk inherent in any web service.
As this isn’t likely a tool that you’ll use frequently, I’d suggest revoking access to the application after you’re through with the assessment.
Once you grant Cloudsweeper access using OAuth, the tool will perform a security audit on your account, checking for plain text passwords and password reset emails. It then assigns a dollar value to certain accounts it finds in your email, calculates a total potential account worth, and offers suggestions for adding more security.
If you’re curious, yes, that is my account pictured above, worth $28.30. Nearly all of the value comes from Amazon, Apple, and Facebook accounts, worth 15, 8, and 5 dollars respectively. This is interesting information to look at, but the security suggestions Cloudsweeper offers are run-of-the-mill solutions: password managers and two-factor authentication.
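A minimal sketch of the kind of mailbox audit described above, added here as an illustration; it is not Cloudsweeper's code. The regex heuristics, sample messages and function names are assumptions, and the per-account dollar values are the three reported in this post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Per-account values as reported in the post; any other domain scores 0.
ACCOUNT_VALUE = {"amazon.com": 15.0, "apple.com": 8.0, "facebook.com": 5.0}

# Assumed heuristics, not Cloudsweeper's actual rules.
RESET_RE = re.compile(r"\b(reset|forgot|recover)\w*\s+(your\s+)?password\b", re.I)
PLAINTEXT_RE = re.compile(r"\bpassword\s*(?:is\b|:)\s*\S+", re.I)

# Constructed sample messages standing in for a mailbox export.
SAMPLE_MAILBOX = [
    "From: Amazon <account-update@amazon.com>\nSubject: Reset your password\n\n"
    "Click the link to reset your password.\n",
    "From: Forum <noreply@forum.example>\nSubject: Welcome\n\n"
    "Your username is jdoe. Your password is hunter2\n",
    "From: Apple <appleid@id.apple.com>\nSubject: Receipt\n\nThanks for your purchase.\n",
    "From: Facebook <security@facebook.com>\nSubject: Forgot password?\n\n"
    "Someone asked to recover your password.\n",
]

def sender_domain(msg):
    """Naive registrable domain: last two labels of the From host."""
    addr = parseaddr(msg.get("From", ""))[1]
    host = addr.rpartition("@")[2].lower()
    return ".".join(host.split(".")[-2:])

def audit(raw_messages):
    """Return (findings, total_worth) for a list of raw RFC 822 messages."""
    findings = {"accounts": set(), "reset": set(), "plaintext": set()}
    for raw in raw_messages:
        msg = message_from_string(raw)
        domain = sender_domain(msg)
        text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
        findings["accounts"].add(domain)
        # Record only the sending domain, never the matched password itself.
        if PLAINTEXT_RE.search(text):
            findings["plaintext"].add(domain)
        elif RESET_RE.search(text):
            findings["reset"].add(domain)
    worth = sum(ACCOUNT_VALUE.get(d, 0.0) for d in findings["accounts"])
    return findings, worth

if __name__ == "__main__":
    found, total = audit(SAMPLE_MAILBOX)
    print(f"Accounts seen: {sorted(found['accounts'])}")
    print(f"Plain text passwords from: {sorted(found['plaintext'])}")
    print(f"Password resets from: {sorted(found['reset'])}")
    print(f"Estimated account worth: ${total:.2f}")
```

Messages flagged under `plaintext` are the ones worth deleting and following up with a password change, since anyone who gets into the mailbox can read that credential directly.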