Mac antivirus app just exposed 13 million customer accounts
A security company that can’t keep its own customer data secure.
Here’s a quick lesson in doing it wrong—and endangering millions of people in the process.
Notorious Mac data-utility app MacKeeper—along with its developers, Kromtech Alliance—is under fire for storing 13 million customer records in a publicly accessible database that required absolutely no security check, password, or identification.
First made public by security researcher Chris Vickery in a post on the r/Apple subreddit, the vulnerability potentially exposed usernames, hashed passwords, subscriptions, user license information, and customer IP addresses. MacKeeper claims that payment information and credit card numbers were not accessible, though the company admits that its payment processing is handled by a third-party merchant and not in-house, which probably explains why it wasn’t part of the breach.
In a blog post, MacKeeper credits Vickery with discovering the gaping security hole and claims that the issue was fixed “within hours of the discovery.” However, Vickery’s own Reddit post notes that he was having trouble finding a point of contact within the company, so it’s unclear exactly how long it took to patch up.
MacKeeper claims that only one person, presumably Vickery, actually accessed the database from the outside, though that detail is difficult to independently verify.
As many in the original Reddit thread have noted, MacKeeper’s reputation among Apple fans isn’t exactly golden. The company has long been accused of underhanded marketing tactics and misleading promotional strategies, and has faced claims that the software negatively impacts systems on which it has been installed.
If the company was hoping to turn its reputation around, exposing the accounts of 13 million users is not a great first step.
Photo via gothick_matt/Flickr (CC BY 2.0)
Mike Wehner is a former tech editor for the Daily Dot who now writes for BGR. His work has appeared everywhere from Yahoo to CNN, and there’s a good chance his Apple Watch is dead right now.