Google has recently added search history and this got me thinking about how this information could be useful. Currently gmail is linked to all of google and if you search for something while logged into google and have search history turned on, it gets recorded. Now you have data on what the user is searching on and their habits. This information could be used to
- Target phishing and spam
- Gather topics that are popular that usually only google would have
By utilizing a wordlist across a million or so gmail accounts chances are you'd be able to get into a few. This opens up opportunity to sell search history to advertisers, spammers, and phishers.
The same goes for the email, an attacker could
identify trends in email (such as topics the user reads about) and sell to
spammers the email address and topic list. An advantage here is that by not
stealing the users bank account information (if it exists) you're not tipping
them off to anything allowing this to continue. This also allows selling an
email address to multiple parties instead of 1 per party (since they'd suck it
dry). Of course this could affect any email system and not just gmail. Enough
ranting for today.