Skip to main content

Database of 13 million MacKeeper users easily accessed online

firmware update for apple multiport adaptor macbook gold 2015 hero
Image used with permission by copyright holder
Mac anti-virus software firm MacKeeper may not be so secure itself. Data on 13 million of its users, including email addresses, phone numbers, and hashed passwords, was found to be easily accessible online, according to one security researcher.

Chris Vickery discovered the database online by searching for open databases on the computer search engine Shodan. First, he discovered four IP addresses that led him to a MongoDB database, and he ultimately found the MacKeeper data featuring users’ IP addresses, software licenses, and activation codes along with the hashed passwords, names, numbers, and email addresses.

It is actually quite common to find open MongoDB databases online. However it remains unclear how long the MacKeeper database was left open. According to Brian Krebs, MacKeeper said its database was left open for about a week due to a server misconfiguration, but Vickery points out that the database he found was last dated around the middle of November.

Most strikingly, the passwords in the database were protected only with the hashing algorithm MD5, which has been decried in the past by its own creator as subpar and no longer secure. There are even MD5 cracking tools available online, which are not hard to find. MacKeeper told Forbes that it is currently updating to the SHA512 hashing algorithm.

Vickery claims that he was unable to reach Kromtech, the company behind MacKeeper, to alert it of the flaws, so he took to Reddit to make his discovery public in the hope of catching the company’s attention.

Kromtech has since responded to Vickery and thanked him for his disclosure. The firm said the vulnerability has now been patched and it will be carrying out an internal review.

“We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access … the security researcher himself,” said Kromtech. “We have been in communication with Chris and he has not shared or used the data inappropriately.”

So it appears that Vickery is the only person that was aware of this potential leak of customer data, and no malicious actor gained access to the database.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
AMD’s next-gen CPUs are much closer than we thought
AMD Ryzen 7 7800X3D held between fingertips.

We already knew that AMD would launch its Zen 5 CPUs this year, but recent motherboard updates hint that a release is imminent. Both MSI and Asus have released updates for their 600-series motherboards that explicitly add support for "next-generation AMD Ryzen processors," setting the stage for AMD's next-gen CPUs.

This saga started a few days ago when hardware leaker 9550pro spotted an MSI BIOS update, which they shared on X (formerly Twitter). Since then, Asus has followed suit with BIOS updates of its own featuring a new AMD Generic Encapsulated Software Architecture (AGESA) -- the firmware responsible for starting the CPU -- that brings support for next-gen CPUs (spotted by VideoCardz).

Read more
AMD Zen 5: Everything we know about AMD’s next-gen CPUs
The AMD Ryzen 5 8600G APU installed in a motherboard.

AMD Zen 5 is the next-generation Ryzen CPU architecture for Team Red and is slated for a launch sometime in 2024. We've been hearing tantalizing rumors for a while now and promises of big leaps in performance. In short, Zen 5 could be very exciting indeed.

We don't have all the details, but what we're hearing is very promising. Here's what we know about Zen 5 so far.
Zen 5 release date and availability
AMD confirmed in January 2024 that it was on track to launch Zen 5 sometime in the "second half of the year." Considering the launch of Zen 4 was in September 2022, we would expect to see Zen 5 desktop processors debut around the same timeframe, possibly with an announcement in the summer at Computex.

Read more
Is this Razer’s Steam Deck killer?
The Razer Kishi Ultra sitting on a table.

Razer has been oddly quiet in the burgeoning world of handheld gaming PCs. When I met up with the company at the Game Developers Conference (GDC) to learn about its new products, I was happy to hear it had an answer to the success of the Steam Deck.

But it was not the type of answer I was expecting.

Read more