MacKeeper scareware’s server leaked data of 13 million users
Security expert Chris Vickery says he managed to get into MacKeeper’s servers extremely easily. Vickery claims to have downloaded data on more than 13 million users, including passwords hashed with MD5 without a salt.
Kromtech uses advertisements to trick people into downloading MacKeeper, a maintenance program for Apple Macs. The program then detects “problems” that it says are “free” to fix. In addition to the partly free cleanup, the program flags other things, such as security and performance issues. Fixing these requires paying between 39.95 and 89.95 euros per year.
Six hours after he announced the vulnerability in a post on Reddit, the database was still completely unprotected, according to the security researcher. Once the company has secured access to the database, Vickery will disclose more about how the access was obtained. In addition to the hashed passwords of 13 million users, Vickery obtained information such as names, email addresses, usernames, computer names, IP addresses, software licenses and associated activation codes, telephone numbers and computer serial numbers.
MacKeeper Server Tree – Source: Reddit