13 Million MacKeeper Users Exposed
Found on Krebs on Security on Tuesday, 15 December 2015
The makers of MacKeeper — a much-maligned software utility many consider to be little more than scareware that targets Mac users — have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er…users.
Vickery said he reached out to the company, which responded quickly by shuttering public access to its user database, and publicly thanking him for reporting it.
Vickery said he was able to connect to the database that Shodan turned up for him just by cutting and pasting the information into a commercial tool built to browse Mongo databases.
Obviously they don't run a firewall; otherwise MongoDB's port would not have been accessible from outside. By default, any service should listen on localhost only, so that opening it up to the Internet requires extra steps, and those steps include configuring the firewall too.