MacKeeper hacked: 13 million account details exposed

[Inga Goddijn <inga () riskbasedsecurity com>]

http://www.macworld.com/article/3014607/security/mackeeper-hacked-data-for-13-million-accounts-exposed.html

On Sunday, white-hat hacker Chris Vickery announced on Reddit
<https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_breach/> that
he was able to access “13 million sensitive account details” on MacKeeper.
MacKeeper is owned by Kromtech, who brought it from the original developer
Zeobit.

According to Vickery (who goes by the screen name FoundTheStuff) on Reddit,
“The data was/is publicly available. No exploits or vulnerabilities
involved. [Zeobit and Kromtech] published it to the open web with no
attempt at protection.” Vickery found the vulnerability by doing a random
“port:27017” search on Shodan.io.

Since his initial post on Reddit, Vickery has been in contact with the
MacKeeper developers. Kromtech told Vickery that they have secured their
databases. A post
<https://mackeeper.com/blog/post/173-mackeeper-security-advisory> on the
MacKeeper website states that the company “will continue to take every
possible step to protect the data of our customers from the evolving cyber
threats that companies both large and small face on a daily basis.” The
statement also said that since MacKeeper uses a third-party merchant,
customer credit card and payment information was “never at risk.”

MacKeeper is a Mac maintenance utility that has been scrutinized
<http://www.macworld.com/article/2919292/apple-security-program-mackeeper-celebrates-difficult-birthday.html>
for its aggressive pop-up advertising on the web and the shady behavior by
the company to promote the product. Users doubt the actual usefulness of
the software and thousands were involved in a class-action lawsuit
<http://www.macworld.com/article/2996814/security/mackeeper-buyers-ask-for-refunds-in-droves-following-lawsuit.html>
.

This isn’t the first time MacKeeper has been in the news for a security
issue. In May, a hole in the software could let attackers execute malicious
commands on Macs when their owners visit specially crafted Web pages
<http://www.macworld.com/article/2921212/controversial-mackeeper-security-program-opens-critical-hole-on-mac-computers.html>.
That vulnerability was fixed with a software update.

MacKeeper can be a difficult app to uninstall, and how to remove MacKeeper
<http://www.macworld.com/article/2861435/software-utilities/how-to-uninstall-mackeeper-from-your-mac.html>
is one of the most popular questions received by Macworld.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!