mackeeperAnti-virus company MacKeeper is making headlines today for its lax security on a customer database that contained 13 million customer records complete with names, email addresses, usernames, password hashes, phone numbers, IP address, and system information.

As shared in a reddit post, Chris Vickery (via Forbes) was able to download the records simply by entering an IP address, with no username or password required to access the data, a major security oversight on MacKeeper's part.

MacKeeper was also using MD5 hashes for passwords, a weak algorithm that's easily bypassed using an MD5 cracking tool. As Vickery says, MacKeeper (and parent company Kromtech) "appears to have no respect for the privacy of its users' data or the integrity of their information."

Vickery did not share details on the exploit and immediately contacted Kromtech about the oversight. Using Vickery's information, Kromtech secured the database after several hours, and nobody with malicious intent was reportedly able to get ahold of customer details. With the exploit fixed, Vickery explained how he accessed the data.

Here are some details (now that it's secured): The search engine at Shodan.io had indexed their IPs as running publicly accessible MongoDB instances (as some have already guessed). I had never even heard of MacKeeper or Kromtech until last night. I just happened upon it after being bored and doing a random "port:27017" search on Shodan.

For those unfamiliar with MacKeeper, it is Mac software that purports to optimize a Mac and keep it secure from viruses and malware, tricking people into a purchase with unrealistic claims. Earlier this month, a class action lawsuit led to a $2 million settlement that will see MacKeeper providing refunds to customers who purchased the software and would like their money back.

Though MacKeeper says Vickery was the only person to access the information, MacKeeper customers should still change their passwords and passwords on sites that used the same password as the MacKeeper password.

Top Rated Comments

larrylaffer Avatar
109 months ago
The part of this story that shocks me is that 13 million fell for their scam.
Score: 40 Votes (Like | Disagree)
Mac Fly (film) Avatar
109 months ago
It's safe to say with the amount of money MacKeeper spend on advertising on the web they must be funded by either someone high up in the online porn industry or a large criminal organisation.

I'd love to see Apple become more involved in annihilating these guys off the map. People around here are quick to call someone dumb for installing this software, but the average person doesn't have time to hang out on MacRumors. Apple need to sort these guys out once and for all.
Score: 29 Votes (Like | Disagree)
Brian Y Avatar
109 months ago
If any company needs to not exist, it's them.
Score: 13 Votes (Like | Disagree)
iPhysicist Avatar
109 months ago
Who could have thought of this? Me! God I really hate this product.
Score: 10 Votes (Like | Disagree)
Asarien Avatar
109 months ago
Who didn't see this coming?
Score: 9 Votes (Like | Disagree)
madcran Avatar
109 months ago
Im glad, as a Service Manager for an Apple Specialist we tell people everyday not to use this. Some people fight us on this say they love it. We try to educate them that there are free alternatives like Malwarebytes Anti-Malware for Mac and Sophos Home for Mac that do not take over your Mac and are valid companies. Actually Malwarebytes (formally Adware Medic) sees MacKeeper as malware, CAUSE IT IS!
Score: 9 Votes (Like | Disagree)

Popular Stories

Provenance Emulator

PlayStation, GameCube, Wii, and SEGA Emulator for iPhone and Apple TV Coming to App Store

Friday April 19, 2024 8:29 am PDT by
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, GameCube, Wii,...
iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Delta Feature

Delta Game Emulator Now Available From App Store on iPhone

Wednesday April 17, 2024 9:58 am PDT by
Game emulator apps have come and gone since Apple announced App Store support for them on April 5, but now popular game emulator Delta from developer Riley Testut is available for download. Testut is known as the developer behind GBA4iOS, an open-source emulator that was available for a brief time more than a decade ago. GBA4iOS led to Delta, an emulator that has been available outside of...
iPad Air 12

12.9-Inch iPad Air Now Rumored to Feature Mini-LED Display

Thursday April 18, 2024 7:37 am PDT by
The rumored 12.9-inch iPad Air that is expected to be announced in May will be equipped with a mini-LED display like the current 12.9-inch iPad Pro, according to Ross Young, CEO of research firm Display Supply Chain Consultants. The existing 10.9-inch iPad Air is equipped with a standard LCD panel, and the move to mini-LED technology for the 12.9-inch model would provide increased brightness for...