An antivirus app has exposed the personal details of 13 million Mac users

snoopdoggydog · Dec 15, 2015

MacKeeper, an antivirus tool for Apple Mac users, has leaked the details of over 13 million users, according to researcher Chris Vickery.

The flaw has since been addressed.

Vickery found a section of the MacKeeper website that, when accessed without a password or username, allowed him to see the details of customer information, including names, email addresses, usernames, passwords, phone numbers, and system information.

Beyond this error, Vickery found that the passwords MacKeeper stored were not secure. Passwords are protected by a "hashing" algorithm that takes the plain text — e.g., "password1234" — and turns it into something only a computer can read. MacKeeper was using an outdated, and easily crackable, algorithm, according to Vickery.

The MacKeeper team wrote a blog post detailing the steps it took to address the issue.

"Analysis of our data storage system shows only one individual gained access performed by the security researcher himself," the team wrote. "We have been in communication with Chris and he has not shared or used the data inappropriately."

This is all good news, but the fact that the company — which deals in security — left such a large amount of data available to anyone is worrying.

http://www.businessinsider.com/mackeeper-leaks-13-million-mac-details-2015-12

bwana · Dec 15, 2015

Can't believe 13 million people were conned into using mackeeper to begin with.

greg0205 · Dec 15, 2015

bwana said:
Can't believe 13 million people were conned into using mackeeper to begin with.

^ This. So much this.

Had to pop into the iStore today, woman ahead of me had her iMac there to have mackeeper removed... Just shook my head and smiled.

noxibox · Dec 17, 2015

I thought MacKeeper was a virus.

ph4t3 · Dec 17, 2015

I had no idea Mackeeper was an anti-virus to begin with. Thought it was just crapware.

I was right.

])ragon_\/oid · Dec 17, 2015

Who doesn't have to deal with viruses and malware now?

GreGorGy · Dec 17, 2015

])ragon_\/oid;16745913 said:
Who doesn't have to deal with viruses and malware now?

Mac users who don't have Mackeeper or Filezilla I suppose.

bwana · Dec 21, 2015

GreGorGy said:
Mac users who don't have Mackeeper or Filezilla I suppose.

The FTP app?

GreGorGy · Dec 22, 2015

bwana said:
The FTP app?

The same one.

Besides my posts here, see others - and google for more info.

bwana · Dec 22, 2015

GreGorGy said:
The same one.

Besides my posts here, see others - and google for more info.

Is this the same SourceForge issue that has been wrapping legit software in a malware/adware installer bundle?

GreGorGy · Dec 22, 2015

bwana said:
Is this the same SourceForge issue that has been wrapping legit software in a malware/adware installer bundle?

Nope - it is deliberate by FileZilla. That sourceforge has gone the same way is not the cause of FileZilla doing this - although, it may have been inspired by Tim's decisions in the first place.

bwana · Dec 22, 2015

GreGorGy said:
Nope - it is deliberate by FileZilla. That sourceforge has gone the same way is not the cause of FileZilla doing this - although, it may have been inspired by Tim's decisions in the first place.

I've been using Filezilla for years - what adware/malware should I be on the lookout for? Everything I've googled points to Sourceforge.

GreGorGy · Dec 22, 2015

bwana said:
I've been using Filezilla for years - what adware/malware should I be on the lookout for? Everything I've googled points to Sourceforge.

I am going to assume that your installation comes from an earlier installer that updates itself. The latest installers that you download are full of hijackers and toolbars and other FUD. And sure, they're from sourceforge but that is at the option of the developer. It is him who is responsible. Check through his forums https://forum.filezilla-project.org/viewtopic.php?t=36728 and other places.

And from the download page: https://filezilla-project.org/download.php?type=client

Mac OS X Operating system logo
FileZilla_3.14.1_macosx-x86-devshare.app.tar.bz2
This installer may include bundled offers. Check below for more options.

bwana · Dec 22, 2015

GreGorGy said:
Mac OS X Operating system logo
FileZilla_3.14.1_macosx-x86-devshare.app.tar.bz2
This installer may include bundled offers. Check below for more options.

is that the sourceforge download?

GreGorGy · Dec 22, 2015

bwana said:
is that the sourceforge download?

Yup. The project page directs you to that download. Knowing full well what it contains.

An antivirus app has exposed the personal details of 13 million Mac users

snoopdoggydog

Expert Member

bwana

MyBroadband

greg0205

Honorary Master

noxibox

Honorary Master

ph4t3

Expert Member

])ragon_\/oid

Expert Member

GreGorGy

BULLSFAN

bwana

MyBroadband

GreGorGy

BULLSFAN

bwana

MyBroadband

GreGorGy

BULLSFAN

bwana

MyBroadband

GreGorGy

BULLSFAN

bwana

MyBroadband

GreGorGy

BULLSFAN