Security researcher examines MacKeeper, says sensitive data for more than 13 million accounts easily accessed

Date: Monday, December 14th, 2015, 08:34
Category: Hack, News, security, Software


And yet more reasons have surfaced as to why you’d want to punch the entire staff of MacKeeper in their heads.

A security researcher claims that extremely poor security has allowed him to access sensitive data for more than 13 million MacKeeper accounts.

White-hat researcher Chris Vickery, who has previously exposed data breaches at MLB, ATP, Slipknot and a network of K-12 charter schools in California, posted the following to Reddit:

I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech […] stuff like names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: “macbook pro”), type of subscriptions, phone numbers and computer serial numbers.


Vickery stated that the server was completely unprotected.

Six hours after making this post (and it being at the top of the Apple subreddit), the database is still completely unprotected […] No log in required at all.


The researcher also noted that while passwords were stored as hashes rather than in plain text, the hashing scheme was extremely weak, calling it “MD5 with no salt… so very weak hashing”.
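Why "MD5 with no salt" is weak for password storage, shown next to a salted, slow alternative. This is an added example, not code from the original article, the researcher, or MacKeeper; the account names, passwords and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def md5_unsalted(password):
    """The weak scheme described above: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def shared_hashes(table):
    """Group accounts by stored hash. With no salt, equal passwords give
    equal hashes, so one recovered password exposes its whole group."""
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}


def hash_salted(password, salt=None):
    """Per-account random salt plus a deliberately slow KDF (PBKDF2-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_salted(password, salt)
    return hmac.compare_digest(derived, expected)


# Constructed sample accounts (not real data).
ACCOUNTS = {"alice": "Summer2015!", "bob": "Summer2015!", "carol": "x9$Lq2#v"}

if __name__ == "__main__":
    weak = {user: md5_unsalted(pw) for user, pw in ACCOUNTS.items()}
    print("accounts sharing an MD5 hash:", shared_hashes(weak))
    strong = {user: hash_salted(pw) for user, pw in ACCOUNTS.items()}
    print("salted hashes differ:", strong["alice"][1] != strong["bob"][1])
```

Running `shared_hashes` over a table of stored hashes is also a quick audit for a missing salt: any group it returns means two accounts' passwords hashed to the same value.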

Vickery says that he will reveal more details about how he was able to access the data after the company has secured it.

Via 9to5Mac and Reddit
