Skip to main content

Researcher stumbles upon 13 million MacKeeper accounts

The anti-virus software for Apple's OS X, MacKeeper, kept the user data of more than 13 million of its customers online without much protection, and someone eventually stumbled upon it.

Yes, stumbled (opens in new tab)is the perfect word in this instance, as the data was accessed through an IP address, no username or password required.

The data was uncovered by security researcher Chris Vickery, who was browsing the net through Shodan - a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.

He said he uncovered four IP addresses that took him straight to a MongoDB database, containing a range of personal information, including names, email addresses, usernames, password hashes, phone numbers, IP addresses, system information, as well as software licenses and activation codes.

Vickery contacted MacKeeper who reacted quickly (opens in new tab), patching up the holes and thanking him for what he has done.

“Some 13 million customer records leaked from is aware of a potential vulnerability in access to our data storage system and we are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use,” the company said in a statement published to its site today. “We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately.”

The users’ financial information is safe, though, and it said it will reset all passwords.

“Billing information is not transmitted or stored on any of our servers. We do not collect any sensitive personal information of our customers,” the statement continues.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.