When it comes to using the Internet, an email account is the base requirement for providing identification. Nearly everything from commenting on an article to creating an account on a new website requires an email address. Most of us log into websites with our email without giving it a second thought, which is understandable because it’s the standard for confirming who we are at least once. Given how easily we throw our email addresses around, it’s easy to forget the importance of the data that is or will eventually find its way into the inbox. Password reset links, account confirmations, bank statements - it all ends up in that one, convenient spot.

Unfortunately, most people don’t keep their email as secure as the data their inboxes contain would warrant. That’s actually incredibly alarming considering once someone has access to an email account, taking over additional accounts, sending spam, and stealing data and money is not a difficult task. Perusing the Internet and attempting to send password reset links from all the commonly used websites will yield a fair number of additional hijacked accounts that are incredibly difficult to reclaim ownership of. If you use any sort of online file storage or a chat service bundled with your email, your attacker now has access to a large amount of your data to do with as they please - and they likely won’t be friendly with it. Finally and most publicly is the spam that your contacts would be receiving from someone masquerading as you.

Unfortunately, that’s not the full extent of what can be obtained. By looking through the contact list, trash, and archive folders it isn’t a stretch to determine what banks you use, where you work, and who you talk to. In all likelihood, your online banking accounts will also send account confirmations and password reset emails to your inbox as well. At this point, it’s possible for an attacker to literally hold your accounts for a ransom. However, If the attacker isn’t up for putting on a show, then they’ll likely take what they can get their hands on and sell the rest. Many established accounts with online retailers and social networks can be bought and sold as commodities on the darker side of the Internet.

Considering that access to a single email account can destroy every side of an online identity from public accounts to private files, something that does happen - one such story was covered by me: http://www.thenaterhood.com/blog/index.php?id=post&node=2012.08.08, better ways of securing email are being implemented by webmail providers. The web can be a scary place, and the fact that in general people don’t put a lot of effort into making sure the center of their personal web is secure is scary and easily remedied. Many webmail providers including Google, Yahoo, and Outlook now offer additional two-step authentication so that logging in requires both a password and your cell phone. Keeping your data safe on the web is up to you, not just the services you entrust it to, so make sure to use the security features available.

Also see: https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/