Most Secure Email Provider: Is Gmail Better Than Yahoo?

With Yahoo’s announcement it had confirmed 1 billion of its accounts had been hacked, you may be wondering which email provider is the most secure.

Yahoo said Wednesday user data apparently was stolen by a “state-sponsored actor” in August 2013, including names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers. It was the second confirmation of a massive intrusion in recent months. Yahoo announced Sept. 22 an intruder had used forged cookies to gain access to 500 million accounts.

But Yahoo is far from the only provider that has been hacked. Google announced last month it had patched a hole in its Gmail verification system that allowed a hacker to hijack a targeted Gmail account.

The hack exploited a verification bypass vulnerability that allows users to send email from a second Gmail account and make it look like the target account was the sender. The problem was discovered by security researcher Ahmed Mehtab, founder of Security Fuse.

Kaspersky Lab reported Mehtab was able to send email as google@gmail.com and gmail@gmail.com by using deactivated, nonexistent or blocked email accounts.

People running an older version of Android could be putting their Gmail accounts at risk, CheckPoint reported Nov. 30. The cybersecurity firm said a piece of malware called Gooligan mines Android devices for email addresses and authentication tokens, giving hackers the ability to breach Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite accounts. The company said 1 million Google accounts had been affected at a rate of 13,000 devices a day.

WikiHow lists several ways to hack Gmail, admonishing that it’s illegal to hack anyone’s account except your own. The first method involves a key logger that needs to be installed on a target computer. The second method is to enable autofill and let the computer do the work for you. The third method is to use a packet sniffer, which seeks out cookies.

There are three easy ways to determine if your Gmail account has been hacked, ShoutMeLoud advised last month. One way is to check the activity log at the bottom of your account page to determine when the account was last accessed. The second is to go to the forwarding page and determine whether someone has been rifling your account. Also check to see if the IMAP and/or POP features are enabled. If they are and you’re not using a third-party email program, turn them off since anyone can collect your email in their accounts if they know your password.