Are you a security pro? Try our quiz!
A security researcher has managed to access to the personal details of 13 million users of MacKeeper – a widely advertised application which, among other things, promises to improve the security of Macs.
Chris Vickery said he downloaded the database through a search of the Shodan.io engine, which indexes anything connected to the Internet.
Kromtech, the developer of MacKeeper, was not a specific target, and the information was discovered via a search of ‘Port 27017’ for publicly accessible MongoDB databases.
“We are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use,” the company said in a statement. “We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately.
“Our customer’s private information and data protection is our highest priority. All customer credit card and payment information is processed by a 3rd party merchant and was never at risk. Billing information is not transmitted or stored on any of our servers.
“We do not collect any sensitive personal information of our customers. The only customer information we retain are name, products ordered, license information, public IP address and their user credentials such as product specific usernames, password hashes for the customer’s web admin account where they can manage subscriptions, support, and product licenses.”
Some security experts have criticised MacKeeper’s ‘aggressive’ marketing strategy of pop-up advertising and have likened it to scareware. MacKeeper was sued in 2014 for allegedly telling users that non-existent problems were found on their systems in order to coerce them into buying the program.
Earlier this year, researchers discovered a ‘critcal’ vulnerability in the controversial program that could allow an attacker to take over a system if a user visited a specially crafted webpage.
Are you a security pro? Try our quiz!
Amid a potential breakup threat from US authorities, Google releases next generation of its AI…
Setback for Nvidia after Supreme Court rules class-action lawsuit against AI chip giant for misleading…
Notice filed in federal court to challenge Canadian government order to shutdown TikTok's Canada's operations
Users of the iPhone 15 and later in the UK can now experience Apple Intelligence,…
Biden administration awards $6.1 billion subsidy from US Chips Act for Micron's Idaho and and…
Bill (if passed) could see California become the first US state to require mental health…