MacKeeper, an anti-virus program for Mac users that makes Macs more secure and stable, has exposed the data of 13 million Mac users.
According to 31-year-old researcher Chris Vickery, he was recently able to access more than 13 million account details related to MacKeeper, Zeobit and Kromtech.
The breach was posted on a Reddit forum on Sunday evening.
“The funny thing is, I don’t even own a Mac, and I had never heard of MacKeeper until last night,” Vickery said. “I didn’t know it was some sort of scamming scareware or software that pushes itself on people. The irony here is pretty thick.”
Vickery said that three other IP addresses associated with Kromtech also allowed public access to the data without the need for a username and password.
The worse part is that the stored passwords look like MD5 hashes with no salt. “The data was/is publicly available,” Vickery wrote on Reddit. “No exploits or vulnerabilities involved. They published it to the open web with no attempt at protection.”
Vickery used the Shodan search engine, which indexes internet-facing IPs, to see if he could find publicly accessible databases running database software called MongoDB.
Vickery reached out to the company, which responded quickly by shuttering public access to its user database and publicly thanking him for reporting it.
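With unsalted MD5, as described above, every account that shares a password also shares a stored hash, so one precomputed lookup covers all matching records. The following is an added example, not code from MacKeeper, Kromtech or the original article: it wraps existing MD5 hashes in per-user salted scrypt so a store can be hardened without knowing the passwords, then moves each account to plain scrypt at its next login. The record layout, function names and scrypt cost parameters are assumptions.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_md5(password: str) -> str:
    """The weak scheme from the article: MD5 with no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def _scrypt_record(secret: str, scheme: str) -> dict:
    salt = os.urandom(16)  # unique per record
    dk = hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT)
    return {"scheme": scheme, "salt": salt.hex(), "hash": dk.hex()}

def wrap_legacy(md5_hex: str) -> dict:
    """Harden a stored MD5 hash offline: keep scrypt(md5_hex, salt), drop the MD5."""
    return _scrypt_record(md5_hex, "scrypt(md5)")

def verify(password: str, record: dict) -> bool:
    # Wrapped records are checked against md5(password); native ones directly.
    secret = legacy_md5(password) if record["scheme"] == "scrypt(md5)" else password
    dk = hashlib.scrypt(secret.encode(), salt=bytes.fromhex(record["salt"]), **SCRYPT)
    return hmac.compare_digest(dk.hex(), record["hash"])

def upgrade_on_login(password: str, record: dict):
    """On a successful login, return a native scrypt record; None if login fails."""
    if not verify(password, record):
        return None
    return _scrypt_record(password, "scrypt")

if __name__ == "__main__":
    # Constructed sample data: two accounts that chose the same password.
    users = {"alice": "password", "bob": "password"}
    old = {u: legacy_md5(p) for u, p in users.items()}
    print("unsalted MD5 identical:", old["alice"] == old["bob"])
    new = {u: wrap_legacy(h) for u, h in old.items()}
    print("wrapped hashes identical:", new["alice"]["hash"] == new["bob"]["hash"])
    print("login still works:", verify("password", new["alice"]))
    print("after login:", upgrade_on_login("password", new["alice"])["scheme"])
```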