Database of 13 million MacKeeper users easily accessed online

firmware update for apple multiport adaptor macbook gold 2015 hero
Mac anti-virus software firm MacKeeper may not be so secure itself. Data on 13 million of its users, including email addresses, phone numbers, and hashed passwords, was found to be easily accessible online, according to one security researcher.

Chris Vickery discovered the database online by searching for open databases on the computer search engine Shodan. First, he discovered four IP addresses that led him to a MongoDB database, and he ultimately found the MacKeeper data featuring users’ IP addresses, software licenses, and activation codes along with the hashed passwords, names, numbers, and email addresses.

It is actually quite common to find open MongoDB databases online. However it remains unclear how long the MacKeeper database was left open. According to Brian Krebs, MacKeeper said its database was left open for about a week due to a server misconfiguration, but Vickery points out that the database he found was last dated around the middle of November.

Most strikingly, the passwords in the database were protected only with the hashing algorithm MD5, which has been decried in the past by its own creator as subpar and no longer secure. There are even MD5 cracking tools available online, which are not hard to find. MacKeeper told Forbes that it is currently updating to the SHA512 hashing algorithm.

Vickery claims that he was unable to reach Kromtech, the company behind MacKeeper, to alert it of the flaws, so he took to Reddit to make his discovery public in the hope of catching the company’s attention.

Kromtech has since responded to Vickery and thanked him for his disclosure. The firm said the vulnerability has now been patched and it will be carrying out an internal review.

“We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access … the security researcher himself,” said Kromtech. “We have been in communication with Chris and he has not shared or used the data inappropriately.”

So it appears that Vickery is the only person that was aware of this potential leak of customer data, and no malicious actor gained access to the database.

Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Gaming

The best of the last generation: Our 50 favorite Xbox 360 games

The Xbox 360 thrived during a generation where games were plentiful. Here's our list of the best Xbox 360 games of all time, including all game genres and even a few special indie hits.
Computing

How to change your Gmail password in just a few quick steps

Regularly updating your passwords is a good way to stay secure online, but each site and service has their own way of doing it. Here's a quick guide on how to change your Gmail password in a few short steps.
Computing

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Computing

Give your MacBook Air some added style with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers, and padded sleeves priced from $10 to $130. Happy shopping!
Computing

Intel teases 9th-generation Core i9 mobile processors at GDC 2019

Intel teased its new 9th-generation Intel Core i9 processors at GDC 2019. The company offered few specifics about the hardware, but a leak from late February provides insight into what the new processors might offer.
Computing

Intel Command Center lays foundation for next year’s ‘Arctic Sound’ GPU

Intel revealed its new Command Center driver software at GDC 2019. The updated interface will control current Intel integrated graphics and also lays the groundwork for next year's Intel video card.
Web

How much!? British Airways glitch results in $4.2M quote for family vacation

Website errors sometimes cause flight prices to display at way below the correct price. But British Airways recently experienced the opposite issue when it tried to charge a family more than $4 million for a vacation in Mexico.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

G-Sync and FreeSync can make your games look better, but which is best?

There are some subtle differences between the two adaptive refresh technology offerings, and they affect cost, performance, and compatibility. Nvidia may have released it's feature first, but in recent years AMD has stepped up to the plate…
Computing

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though. Our guide will help you isolate the issue at hand and solve it in a timely manner.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Get the Surface Pro 6, with keyboard included, for $1,000 at Microsoft

Thinking of buying a Surface Pro 6? Microsoft is currently running a deal on its latest Windows 2-in-1, letting you bring one home for $1,000 with the keyboard included in the price.
Product Review

Acer Predator Triton 500 review

Nvidia’s new RTX 2080 Max-Q is the fastest GPU you’ll find in any laptop, but it usually comes at a steep price. Acer’s Predator Triton 500, starting at $2,500, makes it a little more affordable. But what must you sacrifice in the…