MacKeeper, the anti-virus software for Apple's OS X, kept the user data of more than 13 million of its customers online without much protection, and someone eventually stumbled upon it.
Yes, stumbled is the perfect word in this instance, as the data was accessed through an IP address, no username or password required.
The data was uncovered by security researcher Chris Vickery, who was browsing the net through Shodan - a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.
He said he uncovered four IP addresses that took him straight to a MongoDB database containing a range of personal information, including names, email addresses, usernames, password hashes, phone numbers, IP addresses, system information, as well as software licenses and activation codes.
Vickery contacted MacKeeper, which reacted quickly, patching up the holes and thanking him for what he had done.
“Some 13 million customer records leaked from is aware of a potential vulnerability in access to our data storage system and we are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use,” the company said in a statement published to its site today. “We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately.”
The users’ financial information is safe, though, and the company said it will reset all passwords.
“Billing information is not transmitted or stored on any of our servers. We do not collect any sensitive personal information of our customers,” the statement continues.