After database debacle, MacKeeper hires the security researcher who outed vulnerability

Mac anti-virus software firm MacKeeper has announced an official partnership with Chris Vickery, the security researcher that discovered a database of the company’s users openly available online.

The Analytical and Security Center will be led by Vickery and will carry out regular security audits of the software and establish security best practices to ensure the safety of users.

Vickery, a white-hat researcher, appeared with MacKeeper as CES in Las Vegas earlier this month to discuss his new affiliation with the company. Vickery will also run the Security Watch blog on MacKeeper’s website, where he will report on new vulnerabilities and offer security advice.

Vickery will remain an independent researcher, a spokesperson for MacKeeper said, but he will receive compensation for writing the blog.

Vickery is known around the security community for regularly breaking news on data breaches and hacks. Recently, he was involved in the discovery of databases online containing data on more than three million Hello Kitty customers, while in late December he uncovered a database of 191 million U.S. voters.

Last month he found an open database belonging to MacKeeper that included data on 13 million users, which was hashed with the outdated MD5 algorithm, though the company said at the time that it is upgrading to the SHA512 algorithm.

“I have come across about 80 open, unauthenticated, and totally available databases that should not be published that way,” said Vickery. It’s a simple mistake that can be made, according to researcher, but can have disastrous results if private data is freely leaked online.

He recommended that most staff in IT need to be aware of the IP addresses and servers they use and see if they can be accessed through their home PCs outside of the office. “That’s really simple, really easy, but that’ll find almost a 100 per cent of the vulnerabilities that I found. If you can reach it from your home, then anybody in the world can do that,” he said.

This year will see a greater focus on strengthening MacKeeper’s security posture through security audits and “anticipating any vulnerabilities that may arise,” added Alexander Kernishniuk, CEO of MacKeeper.

“As a member of the Online Trust Alliance, our company is committed to providing security and privacy for our users. Our partnership with Chris Vickery is a major step towards establishing a solid analytical and security platform to help our company and others to avoid external threats.”