MacKeeper promotes itself as a security and performance enhancement tool for the Apple Mac. MacKeeper has been the target of a lot of criticism and even a class action over its claims and unethical marketing techniques.
This latest revelation shows that they are not even very good at protecting client information, so they are hardly a company you would want to entrust your online security to.
Security specialist was able to download 13 million customer records from MacKeeper
Chris Vickery is a Texas-based security specialist, and on December 14 he posted the following on his Reddit account: “I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech.” He added: “I’m having no luck reaching Zeobit or Kromtech to notify them…Does anyone have a good contact within either company that can confirm or deny that they control a certain IP address and server? And maybe also can secure this freaking thing before someone malicious gets it?”
To their credit, Kromtech Alliance reacted quickly to the Reddit warning, issuing a security advisory the same day that thanked Vickery. The advisory states: “We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately.” Kromtech Alliance added that “Our customer’s private information and data protection is our highest priority.”
Kromtech Alliance says that the customer information that was exposed included a customer’s name, username, public IP address, list of products they’ve ordered as well as a hashed password for accessing their customer account. The company adds that all credit card and payment information is handled by a third party, and so was not at risk.
Passwords were poorly hashed and could easily be cracked
While the passwords were “hashed” (stored as a one-way digest rather than in clear text), Vickery warned that they appeared to be hashed using “MD5 with no salt … so very weak hashing.” Without a per-user salt, every user who chose the same password ends up with the same stored hash, and attackers can use rainbow tables, which are pre-computed tables that map unsalted hash values back to the passwords that produced them, to crack large numbers of passwords quickly.
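The following added example (not code from the article or from Kromtech) illustrates the point Vickery makes. It stores two constructed sample accounts with plain unsalted MD5, shows that a small precomputed table of common passwords recovers both at once, and then stores the same passwords with a random per-user salt and an iterated hash (PBKDF2-HMAC-SHA256 from Python's standard library, chosen here as the hardened scheme; the article does not say what Kromtech moved to), against which the same table is useless. All account names, passwords and hashes are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happened to pick the same common
# password. Nothing here is taken from the MacKeeper records.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]
SAMPLE_ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "correct horse"}

# Iteration count for the hardened scheme (an assumption for this example;
# real deployments should follow current guidance for their hash).
PBKDF2_ITERATIONS = 200_000


def md5_unsalted(password):
    """The weak scheme described in the article: bare MD5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates):
    """A defender's model of a precomputed table: hash -> password.

    Because there is no salt, one table built once covers every account
    in the database; it never has to be rebuilt per user.
    """
    return {md5_unsalted(p): p for p in candidates}


def recover_unsalted(stored_hashes, table):
    """Return {user: password} for every unsalted hash found in the table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def hash_salted(password, salt=None):
    """Hardened storage: random 16-byte salt plus PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_salted(password, salt, digest):
    """Constant-time check of a login attempt against the stored salt/digest."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, digest)


def salted_hashes_collide(password):
    """True if two independent salted hashes of one password are identical.

    With random salts this is False: identical passwords no longer produce
    identical stored values, so a shared password is not visible in the
    database and a precomputed table cannot be reused across accounts.
    """
    _, d1 = hash_salted(password)
    _, d2 = hash_salted(password)
    return d1 == d2


def demo():
    # Weak scheme: store unsalted MD5 for every account.
    weak_store = {u: md5_unsalted(p) for u, p in SAMPLE_ACCOUNTS.items()}
    table = build_lookup_table(COMMON_PASSWORDS)
    cracked = recover_unsalted(weak_store, table)
    print("unsalted MD5, shared hash for alice/bob:",
          weak_store["alice"] == weak_store["bob"])
    print("recovered from one small table:", cracked)

    # Hardened scheme: per-user salt and an iterated hash.
    strong_store = {u: hash_salted(p) for u, p in SAMPLE_ACCOUNTS.items()}
    print("salted digests for alice/bob identical:",
          strong_store["alice"][1] == strong_store["bob"][1])
    print("login check for alice:",
          verify_salted("letmein", *strong_store["alice"]))
    print("wrong password for alice:",
          verify_salted("password", *strong_store["alice"]))
    return cracked


if __name__ == "__main__":
    demo()
```

The lookup table only ever contains four entries, yet it recovers both accounts that share a password because unsalted MD5 gives identical output for identical input. The salted store deliberately loses that property, and the iteration count makes each guess far more expensive than a single MD5 call.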
This was a lucky escape for Kromtech Alliance and the 13 million MacKeeper users. Had the list fallen into the wrong hands, the passwords could have been cracked, and with that information the attackers could potentially have gained access to other accounts that shared the same password. This would have been a bonanza for cybercriminals intent on identity theft.