13 million MacKeeper users exposed after MongoDB door was left open
Security researcher Chris Vickery has found and reported a massive security issue on the Web servers of MacKeeper, a piece of software often regarded as scareware. According to Krebs on Security, the databases of Kromtech, the company behind MacKeeper, were open to external connections and required no authentication whatsoever. The names, passwords, and other information of around 13 million users may have been exposed.
Kromtech has admitted the breach and put a statement on its website saying that “analysis of our data storage system shows only one individual gained access performed by the security researcher himself.” It also states that customers’ credit card details have never been at risk as they’re processed by a third-party merchant.
“The only customer information we retain are name, products ordered, license information, public ip address and their user credentials such as product specific usernames, password hashes for the customer’s web admin account where they can manage subscriptions, support, and product licenses,” Kromtech explained.