snoopdoggydog
Expert Member
- Joined
- May 7, 2012
- Messages
- 1,929
MacKeeper, an antivirus tool for Apple Mac users, has leaked the details of over 13 million users, according to researcher Chris Vickery.
The flaw has since been addressed.
Vickery found a section of the MacKeeper website that, when accessed without a password or username, allowed him to see the details of customer information, including names, email addresses, usernames, passwords, phone numbers, and system information.
Beyond this error, Vickery found that the passwords MacKeeper stored were not secure. Passwords are protected by a "hashing" algorithm that takes the plain text — e.g., "password1234" — and turns it into something only a computer can read. MacKeeper was using an outdated, and easily crackable, algorithm, according to Vickery.
The MacKeeper team wrote a blog post detailing the steps it took to address the issue.
"Analysis of our data storage system shows only one individual gained access performed by the security researcher himself," the team wrote. "We have been in communication with Chris and he has not shared or used the data inappropriately."
This is all good news, but the fact that the company — which deals in security — left such a large amount of data available to anyone is worrying.
http://www.businessinsider.com/mackeeper-leaks-13-million-mac-details-2015-12