A white-hat security researcher known for exposing weak security setups at various companies reported yesterday that he was able to easily access and obtain sensitive data on more than 13 million current and previous users of notorious scamware app MacKeeperdue to poor security practices by the previous and current developers, Zeobit/Kromtech. Though the company believes the servers and data in question are now secure, researcher “FoundtheStuff” (Chris Vickery) was able to obtain data including names, email addresses, phone number, poorly-hashed passwords, and details on users’ computer hardware.
“I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech,” Vickery posted on an Apple-oriented Reddit group, and later noted that “six hours after making this post (and it being at the top of the Apple subreddit), the database is still completely unprotected.” He was later able to reach officials at Kromtech, and they have since secured the initial server, though Vickery pointed out three other IP addresses that were also leaking that data (which have now been secured).
Source: MacRumors.com
About Post Author
Advertisement
Share this via:
