One of the central points of failure is an email address. We use email addresses used to get access to our bank accounts, social networks and much more. For SMB and Enterprise, email addresses are the most often targeted entry point for advanced persistent threat (APT) attacks.But how good are we are at protecting our email accounts? There's always a compromise between security and usability. There were times when you would need to obtain all the information about smtp/pop/imap servers and enter them in order to configure your email account. Now it is as simple as just typing your email and password. But when you rely on technology that simplifies your life, it is always complex and sophisticated inside and there is always a huge risk of failure in implementation. chance of failure to implement it.In our presentation we will disclose severe vulnerabilities of mail clients as well as software services that could lead an attacker to take over access to sensitive user information - sometimes including usernames and passwords. We'll also demonstrate how improper email client implementation can leak user credentials and what software developers, server administrators and users can do to prevent it.Attendees will see a live data feed with popular email client names and who's leaking what. At the final part of our presentation we'll talk about other attacks and what power attackers can potentially get in the case of vulnerable client implementations.