Data of 13m MacKeeper users leaked online
Company behind controversial Mac utility admits to data breach
Kromtech, the company behind the controversial MacKeeper utility, has admitted that a data breach has exposed the usernames, passwords and other information on more than 13m users.
The breach was first discovered by security researcher Chris Vickery, who said that he found 21 GB worth of MacKeeper data on Shodan, a specialised search engine. Vickery alerted Kromtech to the breach and the company quickly removed public access to the database, claiming that Vickery was the only one to access it.
"Kromtech is aware of a potential vulnerability in access to our data storage system," the company said in a statement.
"We are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use. We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately."
Kromtech maintained that customer credit card data was never at risk from the breach, as the company uses a third party to process payments.
MacKeeper is largely viewed with disdain among IT-savvy users. According to Brian Krebs, an independent cyber security correspondent, the software is "much-maligned" and considered by many "to be little more than scareware that targets Mac users". The software claims to "clean up" and "protect" Mac computers, but critics have said that it often does the opposite. What's more, the software has drawn criticism for being notoriously difficult to remove from the machines it is installed on.
Security experts have advised MacKeeper users to change their usernames and passwords, and to do the same on other accounts if the passwords are the same as the MacKeeper ones.