“MacKeeper is known for pushing the message Apple Mac owners need protection,” Thomas Fox-Brewster reports for Forbes. “It needed some extra protection of its own today, after a white hat hacker discovered a database containing 13 million customer records was accessible by just visiting a selection of IP addresses, no username or password required.”
“Researcher Chris Vickery said he uncovered four IP addresses that took him straight to a MongoDB database, containing a range of personal information, including names, email addresses, usernames, password hashes, phone numbers, IP addresses, system information, as well as software licenses and activation codes,” Fox-Brewster reports. “All Vickery had to do was look for openly accessible MongoDB databases on the Shodan search tool.”
“There’s another apparent security issue: the passwords were protected with a know-to-be-broken ‘hashing’ algorithm. These algorithms take the plain text password and turn it into garbled letters and digits, using a one-way mathematical formula,” Fox-Brewster reports. “According to Vickery, it appeared MacKeeper was using MD5 – long-known to be weak. There are a large number of MD5 cracking tools, all of which can figure out the weaker passwords (e.g. ’123456′ or ‘password1′) in seconds.”
Read more in the full article here.
MacDailyNews Take: Do not install MacKeeper. Certainly do not buy MacKeeper. If you have MacKeeper, uninstall it now.
SEE ALSO:
Security researcher claims to have downloaded sensitive data from 13 million accounts of MacKeeper scamware app – December 14, 2015
MacKeeper buyers ask for refunds in droves following class-action lawsuit – October 23, 2015
MacKeeper customers can file a claim to get their money back – August 10, 2015
Don’t waste your money on OS X snake oil for your Mac – July 28, 2015
How to detect and remove MacKeeper and keylogger malware on your Mac – July 17, 2015
Controversial MacKeeper security program opens critical hole on Mac computers – May 12, 2015
What ‘MacKeeper’ is and why you should avoid it – January 21, 2015
How to uninstall MacKeeper from your Mac – December 19, 2014
[Thanks to MacDailyNews Reader “Geek-Mo” for the heads up.]