Are you a security pro? Try our quiz!
A security researcher has managed to access to the personal details of 13 million users of MacKeeper – a widely advertised application which, among other things, promises to improve the security of Macs.
Chris Vickery said he downloaded the database through a search of the Shodan.io engine, which indexes anything connected to the Internet.
Kromtech, the developer of MacKeeper, was not a specific target, and the information was discovered via a search of ‘Port 27017’ for publicly accessible MongoDB databases.
“We are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use,” the company said in a statement. “We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately.
“Our customer’s private information and data protection is our highest priority. All customer credit card and payment information is processed by a 3rd party merchant and was never at risk. Billing information is not transmitted or stored on any of our servers.
“We do not collect any sensitive personal information of our customers. The only customer information we retain are name, products ordered, license information, public IP address and their user credentials such as product specific usernames, password hashes for the customer’s web admin account where they can manage subscriptions, support, and product licenses.”
Some security experts have criticised MacKeeper’s ‘aggressive’ marketing strategy of pop-up advertising and have likened it to scareware. MacKeeper was sued in 2014 for allegedly telling users that non-existent problems were found on their systems in order to coerce them into buying the program.
Earlier this year, researchers discovered a ‘critcal’ vulnerability in the controversial program that could allow an attacker to take over a system if a user visited a specially crafted webpage.
Are you a security pro? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…