Is Gmail all that safe after all?

Mar 10, 2008 19:06 GMT

Gmail backup software G-Archiver, which is supposed to save all of the emails in your inbox to your hard drive, has turned out to be a user's nightmare: Coding Horror reported that, besides doing what it advertises, the software also emails the user names and passwords of those who have installed and used it to its apparent creator, John Terry.

Fortunately for those who now feel they are in peril of losing everything, Dustin Brooks reverse-engineered the software, found Terry's user name and password, and changed the latter after deleting the 1,777 messages containing information about others. He also contacted Google support, because this is something they should hear about, analyze and stop from ever happening again.

Right, first off, those people shouldn't have given their personal information to anybody or any site that doesn't have google.com in its URL, as shown in the browser and not in any desktop app. Second, if, after considering the above, you still feel the need to give out your credentials, bear in mind that Gmail is a window onto Google's slew of services: besides your email, you might also lose all of your Docs & Spreadsheets content, Calendar and Apps just the same.

According to Google's Apps Security Policy, "Google Apps integrates with standard web SSO systems using the SAML 2.0 standard. This allows integration with custom sign-on and/or advanced authentication (SecureID). Solutions can be custom made or Google Partner supplied." Nevertheless, not a lot of individuals or companies will use SecureID for authentication, so the problem remains just as important.

If something is stored on a Google server, email and whatnot included, it is effectively one password guess away from being public property, as shown by this scam. And if users give up their password of their own accord, there's no telling what might happen to the contents of their accounts.