MAC USERS have been warned to be on the lookout after anti-malware maker MacKeeper exposed details of 13 million of its customers.
The leak was revealed by Chris Vickery, a noted security researcher, who posted details to Reddit over the weekend. The data was obtained by Vickery with no exploit or hack.
Let's put that another way. MacKeeper's sensitive customer data was available on the web. In the clear. All it took was specialist search engine, Shodan.io, which is capable of scanning for devices that Google can't reach.
The data came in the form of an unsecured MongoDB database on port 27017 including a 21.2GB file called 'Users'.
MacKeeper's owner, Kromtech, hasn't had the most glowing reputation at the best of times. The firm bought the package from a company called Zeobit which recently settled out of court after a class action lawsuit accused it of scareware tactics to encourage the $40 upgrade fee. Others have referred to it as "junkware".
This is all particularly galling when you consider that Macs very rarely get targeted with malware in the first place and the need for malware protection is relatively small.
Kromtech said in a lengthy statement: "We are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use. We fixed this error within hours of the discovery.
"Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately."
The company points out that all its financial transactions go through a third party so there was never any risk to customers' financial data, and that an internal inquiry is underway to find out how this slapdashery was allowed to happen.
This is followed by further grovelling thanks to Vickery for not making a bad situation significantly worse. µ
Epyc performance potential, but Rome wan't build in a day
Patch? Patchy more like
Slurped surveillance info includes location data and social groups