A security company that can’t keep its own customer data secure.
Here’s a quick lesson in doing it wrong—and endangering millions of people in the process.
Notorious Mac data-utility app MacKeeper—along with its developers, Kromtech Alliance—is under fire for storing 13 million customer records in a publicly accessible database that required absolutely no security check, password, or identification to access.
First made public by security researcher Chris Vickery in a post on the r/Apple subreddit, the vulnerability potentially exposed usernames, hashed passwords, subscriptions, user license information, and customer IP addresses. MacKeeper claims that payment information and credit card numbers were not accessible, though the company admits that its payment processing is handled by a third-party merchant and not in-house, which probably explains why it wasn’t part of the breach.
In a blog post, MacKeeper credits Vickery with discovering the gaping security hole and claims that the issue was fixed “within hours of the discovery.” However, Vickery’s own Reddit post notes that he was having trouble finding a point of contact within the company, so it’s unclear exactly how long it took to patch up.
MacKeeper claims that only one person, presumably Vickery, actually accessed the database from the outside, though that detail is difficult to independently verify.
As many in the original Reddit thread have noted, MacKeeper’s reputation among Apple fans isn’t exactly golden. The company has long been accused of underhanded marketing tactics and misleading promotional strategies, as well as claims that the software negatively impacts systems on which it has been installed.
If the company was hoping to turn its reputation around, exposing the accounts of 13 million users is not a great first step.
Mike Wehner is a former tech editor for the Daily Dot who now writes for BGR. His work has appeared everywhere from Yahoo to CNN, and there’s a good chance his Apple Watch is dead right now.