“MacKeeper is known for pushing the message Apple Mac owners need protection,” Thomas Fox-Brewster reports for Forbes. “It needed some extra protection of its own today, after a white hat hacker discovered a database containing 13 million customer records was accessible by just visiting a selection of IP addresses, no username or password required.”
“Researcher Chris Vickery said he uncovered four IP addresses that took him straight to a MongoDB database, containing a range of personal information, including names, email addresses, usernames, password hashes, phone numbers, IP addresses, system information, as well as software licenses and activation codes,” Fox-Brewster reports. “All Vickery had to do was look for openly accessible MongoDB databases on the Shodan search tool.”
“There’s another apparent security issue: the passwords were protected with a known-to-be-broken ‘hashing’ algorithm. These algorithms take the plain text password and turn it into garbled letters and digits, using a one-way mathematical formula,” Fox-Brewster reports. “According to Vickery, it appeared MacKeeper was using MD5 – long-known to be weak. There are a large number of MD5 cracking tools, all of which can figure out the weaker passwords (e.g. ‘123456’ or ‘password1’) in seconds.”
Read more in the full article here.
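An added example, not from the Forbes article or MacDailyNews: one way a service holding unsalted MD5 password hashes like those described above can find them and replace each with a salted scrypt hash at the user's next successful login. The record layout, the `pw` field, the `scrypt$salt$key` storage format and the scrypt parameters are assumptions.

```python
import hashlib
import hmac
import os
import re

MD5_HEX = re.compile(r"[0-9a-f]{32}")  # shape of a bare, unsalted MD5 digest

def is_legacy_md5(stored):
    """True if the stored value looks like an unsalted MD5 hex digest."""
    return MD5_HEX.fullmatch(stored.lower()) is not None

def scrypt_hash(password, salt=None):
    """Salted, memory-hard hash stored as 'scrypt$<salt hex>$<key hex>' (assumed format)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return "scrypt$%s$%s" % (salt.hex(), key.hex())

def verify_and_upgrade(record, password):
    """Check a login; on success, replace a legacy MD5 hash with scrypt."""
    stored = record["pw"]
    if is_legacy_md5(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, stored.lower()):
            return False
        record["pw"] = scrypt_hash(password)  # plaintext is only available at login
        return True
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False
    expected = scrypt_hash(password, bytes.fromhex(parts[1]))
    return hmac.compare_digest(expected, stored)

def audit(records):
    """Names of accounts still holding a legacy MD5 hash."""
    return [r["user"] for r in records if is_legacy_md5(r["pw"])]

if __name__ == "__main__":
    # Constructed sample records: two users who chose the same weak password.
    weak = hashlib.md5(b"password1").hexdigest()
    users = [{"user": "alice", "pw": weak}, {"user": "bob", "pw": weak}]
    print("same MD5 for same password:", users[0]["pw"] == users[1]["pw"])
    print("legacy before:", audit(users))
    for u in users:
        verify_and_upgrade(u, "password1")
    print("legacy after:", audit(users))
    print("hashes now differ:", users[0]["pw"] != users[1]["pw"])
```

Because every scrypt record gets its own random salt, two accounts with the same password no longer share a stored value, which is what makes precomputed lookups against the unsalted MD5 form so quick.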
MacDailyNews Take: Do not install MacKeeper. Certainly do not buy MacKeeper. If you have MacKeeper, uninstall it now.
SEE ALSO:
Security researcher claims to have downloaded sensitive data from 13 million accounts of MacKeeper scamware app – December 14, 2015
MacKeeper buyers ask for refunds in droves following class-action lawsuit – October 23, 2015
MacKeeper customers can file a claim to get their money back – August 10, 2015
Don’t waste your money on OS X snake oil for your Mac – July 28, 2015
How to detect and remove MacKeeper and keylogger malware on your Mac – July 17, 2015
Controversial MacKeeper security program opens critical hole on Mac computers – May 12, 2015
What ‘MacKeeper’ is and why you should avoid it – January 21, 2015
How to uninstall MacKeeper from your Mac – December 19, 2014
[Thanks to MacDailyNews Reader “Geek-Mo” for the heads up.]
MDN – MacKeeper ads are running on this site.
Do what we say, not what we do
The ads are usually just one boob shot after another in every column. And numerous ad headlines with the word “trick” in them.
Oups…
Wow! I didn’t think there were 13 million people in the world who are both smart enough to use a Mac and stupid enough to BUY and install MacKeeper! =:-0
Careful! A number of articles got this wrong. The hacker grabbed over 13 million FILES, or data points, from MacKeeper.
The data is NOT from 13 million MacKeeper victims. The hacker showed off an image of his folder containing the data files. The folder added up to 21.1 GB of data from the over 13 million hacked files. SHAMEFUL MacKeeper.
13 million customer records is not the same thing as 13 million customers. MDN had this wrong yesterday and continues to get it wrong.
Good advice from MDN. I do not have this product nor do I plan to get it.
MacKeeper:
Worst crapware ever. (IMHO)
Just say ‘NO!’
Can we all agree that the “virus protection” business is actually racketeering? Virus protectors sell their wares to protect us from the viruses they themselves create. Not unlike The Mob, which, of course, doesn’t exist either.