Why do many websites ask for work emails instead of personal emails while registering?

Haox
3 min readSep 10, 2023
Photo by Solen Feyissa on Unsplash

General opinion:

Being in an industry that works with organizations and not with individuals, it is considered to be useful to have their work emails to create a relationship of retention. There’s no whose account is it? disputes and easier handoff organizations.

Alternate opinion:

In addition to the above, there is one more good reason why a work email is forced at times. It saves both (email taking and giving) organizations on if the registering user isn’t careful with their data. What do I mean? It gives an edge onto not some specific internal details leak if someone is hacking or social engineering a particular user’s account.

Probably you’re in the abstract layer of what I’m saying. Let me explain in brief.

If a hacker is having someone’s personal account, and want to know about the person to use them as bait for launching a security audit/attack, one would like to know even an inch of detail they can find. And we have Google involved in everyone’s social life. Google Maps happens to be one of them. Google Maps has a feature called “contributions” which basically shows all the contributions a Gmail user has made to Google Maps by doing things like leaving reviews on locations. Hackers use this feature to their advantage by looking at a target’s contributions (which are, by default, universally viewable), which (majority of the time) give us accurate information on the relative area in which they live and possibly other personal information, like their favorite has someone’s personal account and wants restaurants!

Once someone found the target’s exact address from his favorite diner on Google Maps with this technique (along with another one).

How do these people figure this all out?

It’s just 4 basic steps.

Step 1: Open the contact page of the email account. Simply put the email into it while composing and hover over it to reach Open detailed view page.

Step 2: Now, Inspect the page and find data-person-id attribute. Copy the value.

Step 3: Paste the copied value here and execute it

Step 4: From the response data, copy the id from the JSON under type: PROFILE. And open this URL: https://www.google.com/maps/contrib/<target's static ID>

You just got to see every place that person visited.

This is called OSINT(Open-Source Intelligence) investigation. A piece of public information we know is public but can be put out straight for our own use.

At the end of the day, the goals are simple: retained users and their security

Originally published at https://haox.illued.space on September 10, 2023.

--

--