Slashdot Mirror


MacKeeper Discloses 13 Million Mac Users' Details With Poor Hash Protection (mackeeper.com)

An anonymous reader writes: Mac security software suite MacKeeper is recovering after a hack leaked millions of users' personal information. Kromtech, the software developer, confirmed that it had received notice of the hack yesterday, discovering a hole in its security which was exposing customer usernames, email addresses and other personal data for as many as 13 million users. The hole was patched within a matter of hours after security researcher Chris Vickery had published details of the error over the weekend. Vickery, who had been unfamiliar with both MacKeeper and Kromtech, explained that he had discovered the security fault by browsing the connected devices search engine Shodan.io.

15 of 72 comments

  1. So MacKeeper is actually real?!? by pipedwho · · Score: 4, Insightful

    With the amount of "MacKeeper" subterfuge style pop-up ads that appear all over the place, I've always assumed that it was a scam. Kind of like the random calls you get from India saying your Windows machine has a virus - even if you don't use Windows.

    1. Re:So MacKeeper is actually real?!? by PhunkySchtuff · · Score: 2

      Ah, the old Sunk Costs Fallacy.
      My brother in law had a similar issue on his Windows laptop. I determined the cause to be the crap antivirus he was running (either Nortons/Symantec or McAfee).
      Told him that it was causing the problem and I was going to uninstall it.
      He wouldn't let me because he'd just renewed the subscription for it, so still had 10 months to go.

      In hindsight, it was one of the best decisions he made, as from that point forwards I had a valid reason to refuse any computer support whatsoever.

    2. Re:So MacKeeper is actually real?!? by speedlaw · · Score: 2

      I get those Windows calls frequently. I always mention that I was attempting to download some porn, and it didn't load. They want to help. I describe the (fictional) porn in detail. Surprisingly, many of the scammers have a real problem with an Amy Schumer-ese description. Fun times, and the longer I keep them on the phone, the less time they have to scam a real potential target. I once had to mention that I didn't have a Windows key, I have some sort of Apple icon on my keyboard... at the ten minute mark.

  2. Bad summary, no hack involved by PRMan · · Score: 3, Insightful

    FTA:

    ‘The data was/is publicly available. No exploits or vulnerabilities involved. They published it to the open web with no attempt at protection,’ Vickery wrote in a Reddit post. He noted that Kromtech was alerted and was able to quickly patch the vulnerability.

    There was no need for a hack because it was published to the open web!

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...

    1. Re:Bad summary, no hack involved by zlives · · Score: 2

      in the world where the ability to google equates to technical knowledge... reading is hacking.

  3. Big news by antifoidulus · · Score: 5, Funny

    This is really big news, 13 million Mac users were gullible enough to buy MacKeeper!

    1. Re:Big news by plover · · Score: 2

      This is really big news, 13 million Mac users were gullible enough to buy MacKeeper!

      Just think how valuable that list really is. Those are people who are proven dumb enough to spend money on MacKeeper. If you had a copy and sent them just one or two mailings, you could probably get most of them to buy homeopathic medicines, copper bracelets, crystal pendants, and maybe donate to your Church of Perpetual Income.

      Come to think of it, maybe that's MacKeeper's biggest revenue stream: renting out their list of proven suckers.

      --
      John

    2. Re:Big news by ruir · · Score: 3, Insightful

      Gullible is an understatement. Buying something that spams you opening their website while opening other pages, or with adverts to get your Mac "faster", is so stupid that it beggars belief. The MacKeeper site used to be pinned to 127.0.0.1 in my hosts file, and nowadays is black holed in my DNS server.

  4. Article Correction by redback · · Score: 3, Insightful

    First line should read

    Mac malware vendor Mackeeper

    1. Re:Article Correction by U2xhc2hkb3QgU3Vja3M · · Score: 2

      Do you really want to associate malware vendors with these scumbags?

  5. MacKeeper is bad news! by rcase5 · · Score: 2

    I was trying to download LibreOffice and somehow wound up with MacKeeper. The installation process didn't even tell me what it was. Once I realized it was a scam (which didn't take very long), it was a bitch to get rid of! It has processes that would respawn after they were killed. That's not a good sign, especially for something that isn't essential to system functionality. And it kept starting up on boot-up even if you moved it to the trash. You had to empty the trash and remove some files in Library in order to totally get rid of it.

    I'm almost thinking this is a planted story (not on /. part) so they look legit and people keep MacKeeper on their systems. I agree with others, 13 million sounds very high. They have some brass balls!

    1. Re:MacKeeper is bad news! by U2xhc2hkb3QgU3Vja3M · · Score: 2

      I think he downloaded LibreOrifice by mistake.

  6. Mac keeper is malware by rolyataylor2752 · · Score: 5, Interesting

    It uses immoral advertising tactics to sell itself to people. Says they have viruses when they don't and scares old people.

  7. MacKeeper - brought to you by Slashdot Media by DownWithTheMan · · Score: 5, Interesting

    Anyone else notice that tons of apps on SourceForge (owned by the same great overlord as /.) are bundling MacKeeper with the installer? Seriously, I've tried to grab a few apps from SourceForge recently only to find the app I'm trying to grab wrapped with some kind of crap-ware installer. Apparently it's wrapped at random and doesn't always happen to everyone. After seeing a few installers that I got from SF fail or never install my app or attempt to connect to the internet (and thankfully able to be stopped by Little Snitch), I did a few google searches to figure out WTF... Apparently SF has been doing this for a while now - and so really, I partially blame them for the fact that so many people have this kind of crap installed on their machines... See the reviews on FileZilla for some reviewers complaining about this very thing.

    1. Re:MacKeeper - brought to you by Slashdot Media by Dutch+Gun · · Score: 2

      uBlock Origin blocks sourceforge as a malware site now, and while I occasionally override it to peek at some actual source code, I'm glad for the reminder to never download anything from that site. There was a kerfuffle a while ago when they started doing this, and despite some backpedaling after some initial bad press, the site should probably be considered toxic.

      http://www.howtogeek.com/21876...

      --
      Irony: Agile development has too much inertia to be abandoned now.