How to check your inbox for a possible security breach

11 min read

A security breach is when an unauthorized person gets access to information that contains sensitive information, such as personally identifying information, addresses, phone numbers, and similar. Usually, this is a company’s customer database that contains people’s sensitive information. Unfortunately, the type of people who do this are usually the type who also distribute or sell it to others for their own nefarious purposes.

This type of breach, unfortunately, happens every day and is what recently happened to Eye4Fraud, a company that guarantees fraud protection for thousands of e-commerce merchants. This means a lot of accounts from a lot of people who buy things online have been compromised. There’s even a list of affected vendors! How do you find out if you are one of those?

In this guide, we’re going to build an application that uses Nylas to scan your email to find mentions of companies on the “compromised” list. If a company is on the list and you had some interaction with them, it’s likely that your information was compromised, and you can take some actions to protect your accounts. While scanning for these companies won’t bring back your data, it will at least let you know if you should be vigilant.

Is your system ready?

If you already have the Nylas Python SDK installed and your Python environment configured, skip to the next section.

If this is your first time working with the Nylas SDK, I recommend reading the post How to Send Emails with the Nylas Python SDK, where I explain how to set up a basic environment.

What are we going to talk about?

  • The motivation for this application
  • What our application will look like
  • The Eye4Fraud Dataset
  • Installing the dependencies 
  • Creating the compromise checker application
  • Installing ngrok
  • Running the compromise checker application
  • What to do if your personal information is compromised?
  • What’s next?

The motivation for this application

My colleague Laura Rubin pointed me to a conversation where Hiteshseth commented that he had created a script that would check your email inbox for emails from any vendors affected by the Eye4Fraud data breach. She thought it would be a nice use case for using the Nylas APIs and I totally agree.

The original script uses IMAP for Gmail and requires that you create an app password. App passwords are single-use passwords that allow you to give different tools a basic IMAP-style login for your account, with a different password for each tool. By using Nylas, we can opt for OAuth and use any email provider that uses OAuth.

The Eye4Fraud Dataset

First, we start with the original dataset that was the first indication of the breach. You can find the original by Troy Hunt here. The first column is the merchant name and the second column is how many accounts were compromised. It contains 1670 merchant names – that’s a LOT.

So for testing purposes, we’re using just a small subset of the original Eye4Fraud dataset for our compromise checker tool.

Eye4Fraud Small Dataset

What our application will look like

Before we dig in, let’s look at what the final version of our checker app will look like. I’ll walk you through it.

First, when we launch the application, we want people to provide us with the authorization to let us search their email inbox, and that’s where OAuth comes in handy.

Compromise Checker tool

While the initial button says Sign in with Google, when you click it Nylas gives you multiple other options that you can access by clicking Select a different provider.

OAuth verification

For the sign-in page, we’re using a basic placeholder that we can easily replace.

Sign in to the provider

Once you enter your email address, the provider asks for your password. In this example it’s Google, but this works the same for Microsoft and other providers.

Enter your password

You’ll probably see a page like this. This message might seem concerning, but just means that I haven’t created a production application on GCP, so Google cannot verify it. But for a development environment, or our one-off checker tool, there’s actually nothing wrong and there is nothing to worry about. Click Continue.

Unverified app, but safe to continue

Once you agree, you get to provide Nylas with the access it requires while the application runs. This is only temporary access, and all access will be removed after the tool has run.

Provide Nylas with access

Once the application can read your email inbox, it starts looking for the names of the merchants listed in the Eye4Fraud-SiteName_Small.csv file. Keep in mind that this is just a small subset of the original file – if you want to run this against the full 1600+ dataset, you can download the original file and modify your app to use it.

Compromise checker tool working

Thankfully for me, all of these mentions are just because Le Point (One of the vendors from the list) is a French word which means Point. And living in Canada, I get English and French versions of emails all the time.

On the output, we have the email id, the subject and when we received the email. If you wanted to check further into a message you could read its content using the email ID and the messages endpoint. You could also export the output to a file or another tool for later reference.

Now that you see what we’re going to do, let’s get down to building it!

Installing the dependencies

As we want to create a Python web application, our best option is to use Flask, one of the most popular Micro Frameworks in the Python world. We might need to install some additional packages:

$ pip3 install flask
$ pip3 install Flask-Session
$ pip3 install python-dotenv

Once all this is installed, we’re ready to go.

Creating the compromise checker application

Now, we’re going to create our scheduling application with Python and Flask. We need to create a folder called CompromiseChecker with two folders called templates and static. Inside the CompromiseChecker folder, we’re going to create a file called CompromiseChecker.py with the following code:

# Import your dependencies
from dotenv import load_dotenv
import csv
import os
from nylas import APIClient
import html
from html.parser import HTMLParser
from flask import Flask, render_template, request, redirect, url_for, session
from flask_session.__init__ import Session

# Load your env variables
load_dotenv()

# Create the app
app = Flask(__name__)
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
Session(app)

# Initialize your Nylas API client
nylas = APIClient(
    os.environ.get("CLIENT_ID"),
    os.environ.get("CLIENT_SECRET"),
    os.environ.get("ACCESS_TOKEN"),
)

# OAuth Nylas API client
api = APIClient(
    os.environ.get("CLIENT_ID"),
    os.environ.get("CLIENT_SECRET"),
)

# Call the authorization page
@app.route("/login/nylas/authorized", methods=["GET"])
def authorized():
    if session["email_address"] is None:
        code = api.token_for_code(request.args.get("code"))
        client = APIClient(
            os.environ.get("CLIENT_ID"), os.environ.get("CLIENT_SECRET"), code
        )
        account = client.account
        session["email_address"] = account.email_address
        session["participant"] = account.name
        session["access_token"] = code
        return redirect(url_for("login"))
        
# Remove auth access
@app.route("/remove", methods=["GET"])
def remove():
    api.revoke_token()
    session["email_address"] = None
    session["participant"] = None
    session["access_token"] = None
    return redirect("/")

# This the landing page
@app.route("/", methods=["GET"])
def index():
    session["email_address"] = None
    return render_template("welcome.html")

# Main page
@app.route("/login", methods=["GET"])
def login():
    if session["email_address"] is None:
        url = api.authentication_url(
            redirect_uri="http://localhost:5000/login/nylas/authorized",
            scopes=["email"],
            login_hint="[email protected]",
            state="mycustomstate",
        )
        return redirect(url)
    else:
        keywords_accounts = {} 
        # to parse unicode characters
        h = html.parser
        # Open the .csv file
        _file = open("static/Eye4Fraud-SiteName_Small.csv")
        # Read the .cvs file
        fraud_file = csv.reader(_file)
        # For each row in the file
        for row in fraud_file:
            accounts = []
            # Search in our email inbox for the merchant name
            messages = api.messages.search(f"\"{h.unescape(row[0])}\"")
            if(len(messages) > 0):
				# If we found occurences
                for message in messages:
					# Get the relevan information
                    accounts.append(message.id + " - " + message.subject + " - " + str(message.received_at))
                # Create a dictionary with the merchant name and the email information
                keywords_accounts[h.unescape(row[0])] = accounts
    return render_template("pawned.html", keywords_accounts = keywords_accounts)

# Run our application
if __name__ == "__main__":
    app.run()

In the templates folder, we’re going to create three files. Let’s start with base.html:

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <!-- Call the TailwindCSS library -->  
  <script src="https://cdn.tailwindcss.com"></script>
  <title>Email Breach Detector</title>
</head>
<body>
{% block content %}  
{% endblock %}  
</body>
</html>

Then the welcome.html file:

{% extends 'base.html' %}
{% block content %}
<div class="bg-[#315acb] border-green-600 border-b p-4 m-4 rounded grid place-items-center">
  <h1 class="text-4xl text-white">Email Breach Detector</h1><br><br>
  <img src="static/DodgeDog.jpeg"><br><br>
  <a href="/login"><img src="static/Google.png" alt="Sign in"></a>
</div>
{% endblock %}

And last but not least, the pawned.html file, which will display our compromised emails:

{% extends 'base.html' %}
{% block content %}
<div class="bg-[#315acb] border-green-600 border-b p-4 m-4 rounded grid place-items-center">
	<h3><a href="/remove" class="text-red-200"><b>Log Out</b></a></h3>
</div>
	{% for keyword in keywords_accounts -%}
		<div class="bg-[#f44336] border-green-600 border-b p-4 m-4 rounded grid place-items-center">
			{{ keyword }}
		</div>
		<div class="bg-[#eeeeee] border-green-600 border-b p-4 m-4 rounded grid">
		{% for account in keywords_accounts[keyword] -%}
			{{ account }} <br>
		{% endfor %}
		</div>
	{% endfor %}
{% endblock %}

On the public folder, we need two images: our doge splash screen image,

Doge dog checking your account

…and our log-in button.

Sign in with Google

Then we add the Eye4Fraud-SiteName_Small.csv file (You’ll want to use this small version for testing before moving into the much larger original file here.

Eye4Fraud Small Dataset

Installing ngrok

Ngrok is a globally distributed reverse proxy that allows our local applications to be exposed on the internet. We need to create a user and then install the client.

We can install it by using brew:

$ brew install ngrok/ngrok/ngrok

Then, follow the instructions on the webpage.

The first option is the installation:

Install ngrok

Once everything is ready, we can run it by typing the following on the terminal window:

$ ./ngrok http 5000
Running ngrok to make the compromise checker tool accessible from the web

Copy the Forwarding address, which we’ll use in our app. This changes every time we run ngrok.

Running the compromise checker application

To run our checker application, we need to update our Nylas application to use your ngrok url as a callback url. (If you haven’t created a Nylas application, follow the steps detailed here). Head to the application settings page, choose Authentication and then type the following on the Add your callback input box:

http://localhost:5000/login/nylas/authorized

And also the address that you copied from ngrok:

https://xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx.ngrok.io
Setup authentication on the Nylas dashboard so we can access our compromise checker tool

Once that’s set up, we start the application! Type the following on the terminal window:

$ python3 CompromiseChecker.py
Compromise Checker tool running

Our application will be running on port 5000 of localhost, so we just need to open our favourite browser and go to the following address:

http://localhost:5000

Everything should work like in the demo!

You can stop the application in Terminal by pressing CTRL + C.

What to do if your personal information is compromised?

While we hope that you don’t experience any of this, it’s better to be prepared and informed. Here are some useful links:

What’s Next?

You can check the Github repo for the Compromise Checker tool here [Coming soon].

To learn more about our Email APIs, go to our documentation Email API Overview.

You can sign up for Nylas for free and start building!

Don’t miss the action, join our LiveStream Coding with Nylas!

Related resources

How to Send Emails Using an API

Key Takeaways This post will provide a complete walkthrough for integrating an email API focused…

How to build a CRM in 3 sprints with Nylas

What is a CRM? CRM stands for Customer Relationship Management, and it’s basically a way…

How to create an appointment scheduler in your React app

Learn how to create an appointment scheduler in your React app using Nylas Scheduler. Streamline bookings and UX with step-by-step guidance.