Personal information of 13 million MacKeeper users exposed

By Shawn Knight
Dec 15, 2015
  1. A bored security researcher by the name of Chris Vickery recently managed to infiltrate the databases of anti-virus maker Kromtech and make off with personal data on more than 13 million users.

    In a post on Reddit, Vickery said he ran a query using to scan for incoming connections on port 27017. What he ultimately found was a database containing the names, e-mail addresses, usernames, password hashes, phone numbers, system information and IP addresses belonging to 13 million users.

    Vickery said he also found software license and activation codes in the 21GB of wide-open data.

    Fortunately, Vickery is a white hat and thus immediately reached out to Kromtech to alert the company to the issue.

    In a statement on the matter, the company said it fixed the issue within hours of discovery. Analysis of its systems showed that only one person (Vickery) gained unauthorized access to the database. Kromtech said all payment information is processed by a third party, meaning it was never at risk. The company publicly thanked Vickery for his actions in disclosing the error.

    It's worth pointing out that the "stolen" passwords were hashed using MD5, a very weak algorithm for protecting passwords. As Forbes notes, there are a number of MD5 cracking tools capable of working out simple passwords within seconds. The company told the publication it was in the middle of upgrading to SHA-512.

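The hash upgrade mentioned above, sketched as an added example that is not from the article or from Kromtech: stored unsalted MD5 digests are wrapped in a salted, iterated hash right away, and each account is re-hashed from the real password at its next successful login. It assumes PBKDF2-HMAC-SHA512 (a single pass of SHA-512 is as fast to guess against as MD5); the record format, function names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000            # assumed work factor; tune to your hardware
WRAPPED = "md5+pbkdf2-sha512"   # hypothetical tag: PBKDF2 over the old MD5 hex
CURRENT = "pbkdf2-sha512"       # hypothetical tag: PBKDF2 over the password

def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest, the legacy storage format."""
    return hashlib.md5(password.encode()).hexdigest()

def _pbkdf2(secret: bytes, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha512", secret, salt, iterations).hex()

def _record(scheme: str, secret: bytes) -> str:
    salt = os.urandom(16)       # per-user salt defeats precomputed tables
    digest = _pbkdf2(secret, salt, ITERATIONS)
    return f"{scheme}${ITERATIONS}${salt.hex()}${digest}"

def wrap_legacy(md5_hex: str) -> str:
    """Protect a stored MD5 digest at rest without knowing the password."""
    return _record(WRAPPED, md5_hex.encode())

def hash_new(password: str) -> str:
    return _record(CURRENT, password.encode())

def verify(password: str, record: str):
    """Return (ok, replacement); replacement is a record to store, or None."""
    try:
        scheme, iters, salt_hex, digest = record.split("$")
        iterations, salt = int(iters), bytes.fromhex(salt_hex)
    except ValueError:
        return False, None      # malformed record never authenticates
    if scheme == WRAPPED:
        secret = legacy_md5(password).encode()
    elif scheme == CURRENT:
        secret = password.encode()
    else:
        return False, None
    candidate = _pbkdf2(secret, salt, iterations)
    if not hmac.compare_digest(candidate, digest):
        return False, None
    stale = scheme != CURRENT or iterations < ITERATIONS
    return True, (hash_new(password) if stale else None)

if __name__ == "__main__":
    old = legacy_md5("correct horse")       # constructed sample credential
    stored = wrap_legacy(old)               # bulk migration step
    ok, upgraded = verify("correct horse", stored)
    print(ok, upgraded.split("$")[0])       # login succeeds, record upgraded
```

The bulk `wrap_legacy` pass matters because accounts that never log in again would otherwise keep a bare MD5 digest indefinitely.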

  2. Mc128k, TS Rookie

    For a terrible and invasive tool like MacKeeper, users deserved to have the data made public.
