MacKeeper, the antivirus software that makes Apple iOS devices more secure and stable, is in big trouble. Kromtech, which makes the software, officially announced yesterday that a hole in its software suite exposed the usernames, email addresses and other personal information of over 13 million customers.
Although the company claims to have fixed this error within 8 hours, the damage was severe by then. However, the German-based company is confident that the leaked info will not get into the wrong hands.
Security researcher Chris Vickery published the leak details on Reddit on Sunday and contacted the management of MacKeeper. When contacted, Chris admitted that he discovered the security hole in a moment of boredom while browsing the search engine shodan.io.
He added that he found the security lapse through a random search for “port: 27017”, the default port for the database management system MongoDB. Further research returned four different IP addresses associated with Kromtech, offering public access to troves of data without the need for username and password authentication, and that is when he notified the company.
“Analysis of our data storage system shows only one individual gained access performed by the security researcher himself,” Kromtech said in a statement posted to its website.
The company adds that it has been in communication with Chris and that he has not shared or used the data inappropriately.
Kromtech’s statement also sought to assure users that their exposure was limited because it doesn’t collect sensitive personal information from customers and uses a third party to process payments. As a result, billing information is not transmitted or stored on any of the company's servers.
The only customer information the company retains is name, products ordered, license information, public IP address and user credentials, such as product-specific usernames and password hashes for the customer’s web admin account, where they can manage subscriptions, support, and product licenses.
Isn’t the Kromtech statement hard to find convincing, guys?