Be Careful When Using Pidgin as Default Chatbox ::A Hack for Knowing Password

February 24, 2012

Most of time , we have this practice to add multiple accounts to pidgin as it is very widely used chatbox for professionals.They call it an universal chatbox. Truely speaking, most of the professionals add up multiple accounts to it. Moreover we all store password inside the pidgin. It gives us the support to store those.
Mechanism is very simple...when we activate the pidgin by double clicking on the icon..automatically it opens up with all the account logged in.
Recently , it has been seen that saving your password inside pidgin is not safe and it is very easy to get hacked!!!.

Supported chat networks:
  • AIM
  • Bonjour
  • Gadu-Gadu
  • Google Talk
  • Groupwise
  • ICQ
  • IRC
  • MSN
  • MXit
  • MySpaceIM
  • SILC
  • Sametime
  • XMPP
  • Yahoo!
  • Zephyr

Lets see how to know the password of one who is using pidgin...

  1. Go to Start
  2. Click on run
  3. Write "%appdata%" in the run text box
  4. It will open up the application data folder for you.
  5. Find out ".purple" folder and open it
  6. Find out "accounts.xml". Write click on it and open in Notepad
  7. You can see all the saved id ,status, and password 

All hackers might run a small java file (.jar) or a simple javascript file in the backend to know all your ids and passwords.

This is bug of pidgin. Read here for more.

You Might Also Like