MacKeeper hacking exposes 21 GB’s of data with details of 13 million users

OS X utility MacKeeper hacked: 21GB data of 13 million account details exposed

Chris Vickery, a white hacker on Sunday announced on Reddit that by using a simple Shodan query, he was able to access โ€œ13 million sensitive account detailsโ€ on MacKeeper that includes names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. Owned by Kromtech, MacKeeper is a suite of performance and security utilities for Mac OS X.

According to Vickery (who goes by the screen name FoundTheStuff) on Reddit, โ€œThe data was/is publicly available. No exploits or vulnerabilities involved. [Zeobit and Kromtech] published it to the open web with no attempt at protection.โ€ Vickery found the vulnerability by doing a random โ€œport:27017โ€ search on Shodan.io. He was able to download 13 Million customer records by simply entering a selection of IP addresses, with no username or password required to access the data.

OS X utility MacKeeper hacked: 13 million account details exposed

Shodan is a search engine created for the purpose of finding servers, routers, network devices and more that sit online. Be it researchers or hackers can filter searches to find specific equipment by manufacturer, function and even where they are located geographically.

Vickery said he found four IP addresses leaking the data.

โ€œThe search engine at Shodan.io had indexed their IPs as running publicly accessible MongoDB instances (as some have already guessed),โ€ Vickery said. โ€œI had never even heard of MacKeeper or Kromtech until last night. I just happened upon it after being bored and doing a random โ€œport:27017? search on Shodan.โ€

Even though the passwords were encrypted, Vickery believes that MacKeeper was using weak MD5 hashes to protect its customer passwords, allowing anyone to crack the passwords in seconds using MD5 cracking tools.

After Vickery posted the issue on Reddit, the company responded saying that had no evidence that the data was accessed by malicious parties.

Kromtech did reply with a statement that it has taken steps to close the database off from the open Internet.
โ€œWe fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself,โ€ Kromtech said in its statement. โ€œWe have been in communication with Chris and he has not shared or used the data inappropriately.โ€

Also, a post on the MacKeeper website states that the company โ€œwill continue to take every possible step to protect the data of our customers from the evolving cyber threats that companies both large and small face on a daily basis.โ€ The statement also said that since MacKeeper uses a third-party merchant for payment card data, and the details was not on the same database, nor is it stored on its servers. Hence, customer credit card and payment information was โ€œnever at risk.โ€

This isnโ€™t the first time MacKeeper has been in the news for a security issue. In May, the company had patched a zero-day remote code execution vulnerability due to the flaw in MacKeeperโ€™s handling of custom URLs. An attacker who could trick a user into visiting a site hosting an exploit could ultimately run code on the vulnerable computer. That vulnerability was fixed with a software update.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Read More

Suggested Post