mackeeperAnti-virus company MacKeeper is making headlines today for its lax security on a customer database that contained 13 million customer records complete with names, email addresses, usernames, password hashes, phone numbers, IP address, and system information.

As shared in a reddit post, Chris Vickery (via Forbes) was able to download the records simply by entering an IP address, with no username or password required to access the data, a major security oversight on MacKeeper's part.

MacKeeper was also using MD5 hashes for passwords, a weak algorithm that's easily bypassed using an MD5 cracking tool. As Vickery says, MacKeeper (and parent company Kromtech) "appears to have no respect for the privacy of its users' data or the integrity of their information."

Vickery did not share details on the exploit and immediately contacted Kromtech about the oversight. Using Vickery's information, Kromtech secured the database after several hours, and nobody with malicious intent was reportedly able to get ahold of customer details. With the exploit fixed, Vickery explained how he accessed the data.

Here are some details (now that it's secured): The search engine at Shodan.io had indexed their IPs as running publicly accessible MongoDB instances (as some have already guessed). I had never even heard of MacKeeper or Kromtech until last night. I just happened upon it after being bored and doing a random "port:27017" search on Shodan.

For those unfamiliar with MacKeeper, it is Mac software that purports to optimize a Mac and keep it secure from viruses and malware, tricking people into a purchase with unrealistic claims. Earlier this month, a class action lawsuit led to a $2 million settlement that will see MacKeeper providing refunds to customers who purchased the software and would like their money back.

Though MacKeeper says Vickery was the only person to access the information, MacKeeper customers should still change their passwords and passwords on sites that used the same password as the MacKeeper password.

Top Rated Comments

larrylaffer Avatar
larrylaffer
109 months ago
The part of this story that shocks me is that 13 million fell for their scam.
Score: 40 Votes (Like | Disagree)
Mac Fly (film) Avatar
Mac Fly (film)
109 months ago
It's safe to say with the amount of money MacKeeper spend on advertising on the web they must be funded by either someone high up in the online porn industry or a large criminal organisation.

I'd love to see Apple become more involved in annihilating these guys off the map. People around here are quick to call someone dumb for installing this software, but the average person doesn't have time to hang out on MacRumors. Apple need to sort these guys out once and for all.
Score: 29 Votes (Like | Disagree)
Brian Y Avatar
Brian Y
109 months ago
If any company needs to not exist, it's them.
Score: 13 Votes (Like | Disagree)
iPhysicist Avatar
iPhysicist
109 months ago
Who could have thought of this? Me! God I really hate this product.
Score: 10 Votes (Like | Disagree)
Asarien Avatar
Asarien
109 months ago
Who didn't see this coming?
Score: 9 Votes (Like | Disagree)
madcran Avatar
madcran
109 months ago
Im glad, as a Service Manager for an Apple Specialist we tell people everyday not to use this. Some people fight us on this say they love it. We try to educate them that there are free alternatives like Malwarebytes Anti-Malware for Mac and Sophos Home for Mac that do not take over your Mac and are valid companies. Actually Malwarebytes (formally Adware Medic) sees MacKeeper as malware, CAUSE IT IS!
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Read Full Article430 comments
maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article226 comments
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Read Full Article
Provenance Emulator

PlayStation and SEGA Emulator for iPhone and Apple TV Coming to App Store [Updated]

Friday April 19, 2024 8:29 am PDT by
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, SEGA Genesis,...
Read Full Article181 comments
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Read Full Article268 comments