MacKeeper Customer Data Exposed

December 14, 2015

Some 13 million customers of anti-virus software, MacKeeper, had their personal data exposed recently due to a major security oversight on the developer’s database. The customer data included full names, usernames, emails, hashes of passwords, phone numbers, IP addresses, system info and other personal information.

MacKeeper Customer Data Exposed

Some 13 million customers of MacKeeper, an anti-virus program for OS X, had their personal data exposed recently due to a major security oversight in the configuration of MacKeeper’s internal customer database. The customer data included full names, usernames, email addresses, hashes of passwords, phone numbers, IP addresses, system info, and other personal information.

The breach contained a massive 21 gigabytes of customer data and the news was shared publicly in a Reddit post by security researcher, Chris Vickery, after a failed attempt to contact Kromtech, the company behind MacKeeper, as reported over at Forbes.

It’s believed that Vickery was unaware of what he’d stumbled upon and didn’t know who or what Kromtech, Zeobit, or MacKeeper were. No exploit was used to hack the servers – they were simply left unsecured without a username or password protecting the data.

Once contact was made with Kromtech, the company responded promptly by closing off the server from public access and posting an advisory on their blog as a notice to their customers. While the passwords in the database were hashed, the MD5 standard used to protect them has long been known to have issues making it easy to crack and expose passwords contained in the database.

If you use this software, you should change your password on MacKeeper’s site as well as on any other sites where you might have used the same password. As was reported in the Forbes article:

“The company admitted to FORBES it was using MD5 but was in the process of upgrading to SHA512 . It will be resetting passwords too, but said the decision wasn’t connected to the leak, though it has spurred the company on to make changes.”

In this digital age with more and more information being stored online, it’s important to select a unique password that is not easily guessable for each and every site that you have an account on. Password managers like 1Password and others reviewed here on SecureMac provide an easy and effective way to do this without the need to memorize multiple passwords.

Filed under Security News

Tags 1password, Chris Vickery, data breach, kromtech, mackeeper, MongoDB, reddit, Shodan, zeobits