MacKeeper’s controversial business tactics just became even more concerning, with one security researcher claiming that the company’s poor security system allowed him to download sensitive data — including phone numbers — from more than 13 million MacKeeper accounts.
“I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech,” writes Chris Vickery, a white hat hacker who has previously exposed security breaches at MLB, ATP, Slipknot, and many Californian schools.
The sensitive data obtained by Vickery includes “stuff like names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: “macbook pro”), type of subscriptions, phone numbers and computer serial numbers.”
Vickery explained in a post on Reddit that MacKeeper’s server was completely unprotected, and while passwords were hashed, the scheme used (“MD5 with no salt”) was very weak.
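Why “MD5 with no salt” is a weak way to store passwords, shown as an added example (not code from the article, Vickery, or Kromtech): without a salt, equal passwords produce equal stored hashes across accounts, while a per-user salt with a memory-hard KDF removes that link. The account names, passwords and scrypt parameters are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the leak).
ACCOUNTS = [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "correct horse")]

def md5_unsalted(password):
    """The scheme named in the article: plain MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def scrypt_hash(password, salt=None):
    """Hardened alternative: random per-user salt plus a memory-hard KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def scrypt_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_hash(password, salt)[1], expected)

def records_sharing_a_hash(hashes):
    """How many stored records have the same hash as some other record."""
    counts = Counter(hashes)
    return sum(n for n in counts.values() if n > 1)

def compare_schemes(accounts=ACCOUNTS):
    """Return (shared under unsalted MD5, shared under salted scrypt)."""
    weak = [md5_unsalted(pw) for _, pw in accounts]
    strong = [scrypt_hash(pw)[1] for _, pw in accounts]
    return records_sharing_a_hash(weak), records_sharing_a_hash(strong)

if __name__ == "__main__":
    weak, strong = compare_schemes()
    print("records sharing a hash, unsalted MD5:", weak)
    print("records sharing a hash, salted scrypt:", strong)
```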
Vickery has actually discovered three servers owned by MacKeeper, Kromtech, and Zeobit that have all been “leaking” data. One of those has since been made secure, but Kromtech is still working to fix the other two, Vickery says.
MacKeeper has long been a controversial company due to its aggressive marketing tactics, false advertising, and poor user experience. This kind of news certainly won’t do the company’s image any good, then, and if you’re a MacKeeper user, perhaps it’s time to find alternatives.
[via 9to5Mac]