Never miss a great news story!
Get instant notifications from Economic Times
AllowNot now

You can switch off notifications anytime using browser settings.
Stock Analysis, IPO, Mutual Funds, Bonds & More

The details of 13 million Mac users have been leaked

MacKeeper, an anti-virus tool for Apple Mac users, has leaked the details of over 13 million users, according to researcher Chris Vickery.

Business Insider|
Dec 15, 2015, 03.25 PM IST
MacKeeper, an anti-virus tool for Apple Mac users, has leaked the details of over 13 million users, according to researcher Chris Vickery. The flaw has now been addressed.

Vickery found a section of the MacKeeper website that, when accessed without a password or username, allowed him to see the details of customer information, including names, email addresses, user names, passwords, phone numbers, system information, and more.

Beyond this error, Vickery found that the passwords MacKeeper stored were not secure. Passwords are protected by a "hashing" algorithm that takes the plain text - e.g. "password1234" - and turns it into something only a computer can read. MacKeeper was using a outdated, and easily crackable, algorithm, according to Vickery.

The MacKeeper team wrote a blog post detailing the steps they had taken to address the issue.

"Analysis of our data storage system shows only one individual gained access performed by the security researcher himself," they wrote. "We have been in communication with Chris and he has not shared or used the data inappropriately."

This is all good news, but the fact that the company - which deals in computers - left such a large amount of data available to anyone is worrying.

Business Insider received the following comment from MacKeeper:

Kromtech is aware of a potential vulnerability in access to our data storage system and we are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use. We fixed this error within hours of the discovery.

The company went on to reassure users that credit and debit card information is processed by a third-party and was never at risk. "We will continue to take every possible step to protect the data of our customers from the evolving cyber threats that companies both large and small face on a daily basis," it said.
Want stories like this in your inbox? Sign up for the daily ET Panache newsletter.

You can also follow us on Facebook, Twitter and LinkedIn.
Add Your Comments
Commenting feature is disabled in your country/region.
Download The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.

Other useful Links

Follow us on

Download et app

Copyright © 2019 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service