MacKeeper Exposes Data on 13 Million Customers

by

mackeeperAnti-virus company MacKeeper is making headlines today for its lax security on a customer database that contained 13 million customer records complete with names, email addresses, usernames, password hashes, phone numbers, IP address, and system information.

As shared in a reddit post, Chris Vickery (via Forbes) was able to download the records simply by entering an IP address, with no username or password required to access the data, a major security oversight on MacKeeper's part.

MacKeeper was also using MD5 hashes for passwords, a weak algorithm that's easily bypassed using an MD5 cracking tool. As Vickery says, MacKeeper (and parent company Kromtech) "appears to have no respect for the privacy of its users' data or the integrity of their information."

Vickery did not share details on the exploit and immediately contacted Kromtech about the oversight. Using Vickery's information, Kromtech secured the database after several hours, and nobody with malicious intent was reportedly able to get ahold of customer details. With the exploit fixed, Vickery explained how he accessed the data.

Here are some details (now that it's secured): The search engine at Shodan.io had indexed their IPs as running publicly accessible MongoDB instances (as some have already guessed). I had never even heard of MacKeeper or Kromtech until last night. I just happened upon it after being bored and doing a random "port:27017" search on Shodan.

For those unfamiliar with MacKeeper, it is Mac software that purports to optimize a Mac and keep it secure from viruses and malware, tricking people into a purchase with unrealistic claims. Earlier this month, a class action lawsuit led to a $2 million settlement that will see MacKeeper providing refunds to customers who purchased the software and would like their money back.

Though MacKeeper says Vickery was the only person to access the information, MacKeeper customers should still change their passwords and passwords on sites that used the same password as the MacKeeper password.

Top Rated Comments

(View all)
Avatar
63 months ago
The part of this story that shocks me is that 13 million fell for their scam.
Score: 40 Votes (Like | Disagree)
Avatar
63 months ago
It's safe to say with the amount of money MacKeeper spend on advertising on the web they must be funded by either someone high up in the online porn industry or a large criminal organisation.

I'd love to see Apple become more involved in annihilating these guys off the map. People around here are quick to call someone dumb for installing this software, but the average person doesn't have time to hang out on MacRumors. Apple need to sort these guys out once and for all.
Score: 29 Votes (Like | Disagree)
Avatar
63 months ago
If any company needs to not exist, it's them.
Score: 13 Votes (Like | Disagree)
Avatar
63 months ago
Who could have thought of this? Me! God I really hate this product.
Score: 10 Votes (Like | Disagree)
Avatar
63 months ago
Who didn't see this coming?
Score: 9 Votes (Like | Disagree)
Avatar
63 months ago
Im glad, as a Service Manager for an Apple Specialist we tell people everyday not to use this. Some people fight us on this say they love it. We try to educate them that there are free alternatives like Malwarebytes Anti-Malware for Mac and Sophos Home for Mac that do not take over your Mac and are valid companies. Actually Malwarebytes (formally Adware Medic) sees MacKeeper as malware, CAUSE IT IS!
Score: 9 Votes (Like | Disagree)

Top Stories

Hands-On With iOS 14 Widgets, Custom Icons, and Home Screen Setup

Tuesday September 22, 2020 3:25 pm PDT by
Apple with iOS 14 introduced widgets on the Home Screen, leading to unprecedented levels of customization for the iPhone. Combined with Shortcuts that let you change an app's icon, iOS 14 lets you create a whole new look for your Home Screen. Subscribe to the MacRumors YouTube channel for more videos. We've been following along with some of the creative alternative Home Screen designs that M...

New Images Leak of iPhone 12 Braided USB-C to Lightning Cable

Thursday September 24, 2020 2:37 am PDT by
Rumors suggest Apple's upcoming iPhone 12 models will ship with a new Lightning to USB-C cable that includes a braided fabric design. Images of the purported cables were leaked in July, and today leaker Mr White has shared new images that give us a closer look at what we might get included in the iPhone 12 box. The photos show a USB-C to Lightning cable with a clearly braided design rather...

Apple's iPhone 12 Event Could Happen on October 13 Based on Rumors From Mobile Operators

Wednesday September 23, 2020 11:51 am PDT by
Apple's upcoming iPhone-centric event could perhaps be held on Tuesday, October 13, according to information shared with MacRumors by an employee at a UK cellular carrier. There's no way for us to confirm the dates at this point in time nor are we sure on the credibility of the source, but even without a rumor, Tuesday, October 13 is a good guess based on Apple's historic launch timelines, ...

New Version of Microsoft Office Coming Next Year That Won't Require a Subscription

Thursday September 24, 2020 1:53 am PDT by
Microsoft will next year offer a new perpetual release of Microsoft Office for Mac and Windows that doesn't require a subscription to use, according to the software giant (via Windows Central). "Microsoft Office will also see a new perpetual release for both Windows and Mac, in the second half of 2021," said Microsoft in a blog post announcing the next version of its Exchange server,...

Interest in iOS 14 Home Screen Ideas Helps Pinterest Break Daily Download Record

Wednesday September 23, 2020 4:37 am PDT by
Apple's introduction of widgets on the Home Screen in iOS 14 has driven a surge in interest among users looking to customize their iPhone, and that has reportedly had a knock-on effect for Pinterest, whose iOS app has seen record downloads as users flock to its content seeking design inspiration. As reported by TechCrunch, App Store intelligence firm Apptopia was first to note the impact of ...

'iPhone 12 mini' Name Reappears in Leaked Apple iPhone 12 Case Stickers

Friday September 25, 2020 1:58 am PDT by
Earlier this week a proven leaker claimed that the iPhone 12 lineup would be named "iPhone 12 mini," "iPhone 12," "iPhone 12 Pro," and "iPhone 12 Pro Max," and today the same nomenclature has appeared again in a photo depicting alleged stickers from unreleased Silicone iPhone cases originating from Apple's international distribution center in Ireland. The photo shows three stickers with the...

Apple Releases iOS 14.0.1 With Fix for Bug That Resets Default Apps After Rebooting

Thursday September 24, 2020 10:12 am PDT by
Apple today released iOS 14.0.1, the first update to the iOS 14 operating system that was released on September 16. Today's update is a bug fix update addressing issues that weren't able to be fixed in the initial iOS 14 launch. The iOS 14.0.1 update is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software Update. ...

Apple Emphasizes That Solo Loop May Increase in Length Over Time, Updates Sizing Guide With More Specific Instructions

Wednesday September 23, 2020 8:26 am PDT by
Apple on Tuesday updated one of its support documents to emphasize that the new silicone rubber Solo Loop for the Apple Watch may increase in length over time, as mentioned in fine print at the bottom of the Solo Loop product page. Apple has also updated its printable Solo Loop sizing guide with more specific instructions, as noted by 9to5Mac's Michael Steeber. The guide now advises users to ...

iOS 14 Widgets Offer iPhone Users Creative Home Screen Ideas

Sunday September 20, 2020 8:43 pm PDT by
Updated on September 22nd with hands on video. In iOS 14, Apple introduced ‌the concept of Home Screen‌ widgets, which provide information from apps at a glance. Widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. Despite the relative lack of...

Kuo: Mini-LED Displays to Debut in Apple's Next iPad Pro

Tuesday September 22, 2020 11:45 pm PDT by
Following his report earlier this week indicating that Apple will be accelerating adoption of mini-LED displays in its iPad and Mac notebook lineups thanks to better than expected development from potential secondary supplier Sanan Optoelectronics, analyst Ming-Chi has released a new report today sharing a bit more perspective on the mini-LED display market as it relates to Apple. Kuo says...