A database with 13 million MacKeeper accounts was available through Shodan

    The developer of MacKeeper constantly reminds Apple Mac owners that they need protection. Today the company itself needs protection, after a database of 13 million MacKeeper user accounts was left publicly available.

    Most interesting of all, the database was open to anyone on the Internet: a simple query in the Shodan.io search engine was enough to find it.

    port:27017

    The database contains names, phone numbers, emails, user names, unsalted MD5 password hashes, computer identifiers, serial numbers, IP addresses, software license and activation codes, equipment type and MacKeeper subscription type.

    The find was reported on Monday by security expert Chris Vickery in a comment on the Reddit forum.

    The specialist downloaded the database and then notified Kromtech (the owner of MacKeeper).



    Kromtech closed the hole within several hours and reported that analysis of the server logs showed a single access to the files. So there is hope that nobody besides Chris Vickery thought to run such a query on Shodan.

    Chris Vickery found four IP addresses at which the data could be accessed.

    “The Shodan.io search engine indexed their IP addresses as publicly available MongoDB instances (as some have already guessed),” Vickery commented. “I had never heard of MacKeeper or Kromtech until last night; I just stumbled upon them when, out of boredom, I ran the random request ‘port:27017’ on Shodan.”

    The Shodan search engine is designed to find servers, routers, network devices and everything else connected to the Internet. Users can filter queries to find equipment by manufacturer, function or geographical location.

    Kromtech spokesmen said they had launched a “comprehensive internal investigation” of the incident and tightened security measures.
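
    A defender-side check for the kind of exposure described above, as an added example that is not from the original article or from Kromtech: it audits a mongod.conf for a listener reachable beyond loopback combined with disabled access control. The two sample configurations are constructed and the function names are illustrative; `net.bindIp`, `net.bindIpAll` and `security.authorization` are standard mongod settings.

```python
import ipaddress

def parse_conf(text):
    """Parse the two-level 'section:' / '  key: value' YAML subset mongod.conf uses."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if line[0] not in " \t":          # unindented line opens a new section
            section = conf.setdefault(key, {})
        elif section is not None:
            section[key] = value.strip().strip("\"'")
    return conf

def audit(text):
    """Return findings for a listener reachable beyond loopback and for missing auth."""
    conf = parse_conf(text)
    net, sec = conf.get("net", {}), conf.get("security", {})
    findings = []
    reachable = net.get("bindIpAll", "").lower() == "true"
    for item in net.get("bindIp", "").split(","):
        try:
            ip = ipaddress.ip_address(item.strip())
        except ValueError:
            continue                      # hostname, socket path or empty: not assessed here
        reachable = reachable or ip.is_unspecified or ip.is_global
    if reachable:
        findings.append("listener reachable beyond loopback on port " + net.get("port", "27017"))
    if sec.get("authorization", "disabled") != "enabled":
        findings.append("access control disabled")
    if len(findings) == 2:
        findings.append("CRITICAL: unauthenticated instance exposed to scanners")
    return findings

# Constructed sample configurations, not taken from the incident.
WEAK = """
net:
  port: 27017
  bindIp: 0.0.0.0   # every interface
"""
HARDENED = """
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.5.12
security:
  authorization: enabled
"""
```

    Calling `audit(WEAK)` returns both findings plus the critical line, while `audit(HARDENED)` returns an empty list; hostnames in `bindIp` are skipped rather than resolved.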
