MacKeeper is anti-virus software for OS X. You may remember it from its many pop-up ads. What remotely professional company resorts to pop-up ads these days?! Well, MacKeeper might not be so professional. Chris Vickery, a white-hat hacker, was able to download the personal information of 13 million customers... without a password. That's right. The database had no password and used MD5 hashes; MD5 is one of the weakest hash algorithms still in use today. All he needed was an IP address. Lucky for MacKeeper, Vickery was a white-hat. He immediately alerted MacKeeper so that it could secure the database. Luckily, he was the only person who accessed this information.
"Here are some details (now that it's secured): The search engine at Shodan.io had indexed their IPs as running publicly accessible MongoDB instances (as some have already guessed). I had never even heard of MacKeeper or Kromtech until last night. I just happened upon it after being bored and doing a random "port:27017" search on Shodan."
- Chris Vickery