
MacKeeper hacked: 13 million account details exposed

On Sunday, white-hat hacker Chris Vickery announced on Reddit that he was able to access “13 million sensitive account details” on MacKeeper. MacKeeper is owned by Kromtech, which bought it from the original developer Zeobit.

According to Vickery (who goes by the screen name FoundTheStuff) on Reddit, “The data was/is publicly available. No exploits or vulnerabilities involved. [Zeobit and Kromtech] published it to the open web with no attempt at protection.” Vickery found the vulnerability by doing a random “port:27017” search on Shodan.io.

Since his initial post on Reddit, Vickery has been in contact with the MacKeeper developers. Kromtech told Vickery that they have secured their databases. A post on the MacKeeper website states that the company “will continue to take every possible step to protect the data of our customers from the evolving cyber threats that companies both large and small face on a daily basis.” The statement also said that since MacKeeper uses a third-party merchant, customer credit card and payment information was “never at risk.”

Chris Vickery provided this screenshot on Reddit as proof that he had accessed MacKeeper databases online.

MacKeeper is a Mac maintenance utility that has been scrutinized for its aggressive pop-up advertising on the web and for the company's shady behavior in promoting the product. Users doubt the actual usefulness of the software, and thousands were involved in a class-action lawsuit.

This isn’t the first time MacKeeper has been in the news for a security issue. In May, a hole in the software could have let attackers execute malicious commands on Macs when their owners visited specially crafted web pages. That vulnerability was fixed with a software update.

MacKeeper can be a difficult app to uninstall, and how to remove MacKeeper is one of the most popular questions received by Macworld.

IDG News Service
