Mac antivirus app just exposed 13 million customer accounts
A security company that can’t keep its own customer data secure.
Here’s a quick lesson in doing it wrong—and endangering millions of people in the process.
Notorious Mac data-utility app MacKeeper and its developers, Kromtech Alliance, are under fire for storing 13 million customer records in a publicly accessible database that required absolutely no security check, password, or identification.
First made public by security researcher Chris Vickery in a post on the r/Apple subreddit, the vulnerability potentially exposed usernames, hashed passwords, subscriptions, user license information, and customer IP addresses. MacKeeper claims that payment information and credit card numbers were not accessible, though the company admits that its payment processing is handled by a third-party merchant and not in-house, which probably explains why it wasn’t part of the breach.
In a blog post, MacKeeper credits Vickery with discovering the gaping security hole and claims that the issue was fixed “within hours of the discovery.” However, Vickery’s own Reddit post notes that he was having trouble finding a point of contact within the company, so it’s unclear exactly how long it took to patch up.
MacKeeper claims that only one person, presumably Vickery, actually accessed the database from the outside, though that detail is difficult to independently verify.
As many in the original Reddit thread have noted, MacKeeper’s reputation among Apple fans isn’t exactly golden. The company has long been accused of underhanded marketing tactics and misleading promotional strategies, as well as claims that the software negatively impacts systems on which it has been installed.
If the company was hoping to turn its reputation around, exposing the accounts of 13 million users is not a great first step.
Photo via gothick_matt/Flickr (CC BY 2.0)
Mike Wehner is a former tech editor for the Daily Dot who now writes for BGR. His work has appeared everywhere from Yahoo to CNN, and there’s a good chance his Apple Watch is dead right now.