MacKeeper carelessly leaves 13 million Mac users exposed

Graham Cluley

I don’t think I’ve hidden my dislike for MacKeeper.

The software, which claims to help Mac users stop security threats and clean up duplicate files, leaves an unpleasant taste in my mouth because of its aggressive promotion through pop-up ads and the difficulty that many users have experienced in uninstalling it.

Some have even described MacKeeper as being disturbingly close to scareware.

Nonetheless, in my experience, plenty of Mac users do run MacKeeper (I guess those constant pop-up ads do achieve their goal).


But those MacKeeper customers have good reason to feel miffed, as it has been revealed that Kromtech – the company which produces MacKeeper – has been reckless with their data, leaving it exposed to anybody who has an internet connection. No password required.

Researcher Chris Vickery stumbled across over 13 million sensitive account records related to MacKeeper after using the Shodan search engine to hunt for database servers that were left open to the internet and required no authentication.

Sure enough, Vickery’s search found four different IP addresses of servers belonging to Kromtech.

And on those servers, Vickery found over 20GB of MacKeeper user data – including names, email addresses, phone numbers, IP addresses, software licenses, system information and users’ hashed passwords.

Leaked MacKeeper data

To make matters worse, the passwords appeared to be hashed using the weak MD5 algorithm, with no salt added, potentially opening opportunities for hackers to crack some of the passwords with ease.

In other words, if you were using the same passwords with Kromtech/MacKeeper as you were using elsewhere on the web, you really should change your passwords.
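To make concrete why an unsalted MD5 store is so dangerous, here is an added example (not code from the article or from Kromtech) that contrasts the weak scheme with a per-user salted, iterated hash. The user records and passwords below are constructed for illustration; the two audit helpers show what a defender would look for in a leaked or inherited dump: identical hashes across accounts (only possible without salts) and hashes that match a list of known-weak passwords in a single dictionary lookup. The `hash_password`/`verify_password` pair is the corrected design using PBKDF2-HMAC-SHA256 from the standard library.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample data: three accounts, two of which chose the same
# password.  None of this comes from the MacKeeper breach.
USERS = {
    "alice@example.test": "Summer2015",
    "bob@example.test": "Summer2015",
    "carol@example.test": "correct horse battery staple",
}


def md5_unsalted(password: str) -> str:
    """The weak scheme described in the article: bare MD5, no salt.
    Every user with the same password gets the same hash, so one
    precomputed table answers the question for all of them at once."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = 200_000) -> str:
    """Corrected scheme: 16 random salt bytes per user plus an iterated
    PBKDF2-HMAC-SHA256 digest, stored as one self-describing string."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def accounts_sharing_hash(records: dict) -> int:
    """Audit helper: number of accounts whose stored hash also appears on
    another account.  With unsalted hashing this reveals every shared
    password; with per-user salts it is 0 even when passwords repeat."""
    counts = Counter(records.values())
    return sum(1 for h in records.values() if counts[h] > 1)


def weak_accounts(records: dict, known_weak: list) -> list:
    """Audit helper: accounts whose unsalted MD5 hash matches one of a
    list of known-weak passwords.  This is exactly the lookup a salt
    defeats, because the precomputed table would have to be rebuilt per
    user."""
    table = {md5_unsalted(p) for p in known_weak}
    return sorted(user for user, h in records.items() if h in table)


if __name__ == "__main__":
    unsalted = {u: md5_unsalted(p) for u, p in USERS.items()}
    salted = {u: hash_password(p) for u, p in USERS.items()}
    print("unsalted MD5: accounts sharing a hash =", accounts_sharing_hash(unsalted))
    print("salted PBKDF2: accounts sharing a hash =", accounts_sharing_hash(salted))
    print("matched known-weak list:", weak_accounts(unsalted, ["Summer2015", "password"]))
    print("verify alice:", verify_password("Summer2015", salted["alice@example.test"]))
```

The iteration count is a tuning knob: raise it until a single verification costs a few tens of milliseconds on the authentication server, which is negligible per login but multiplies the attacker's cost per guess by the same factor. The salt only needs to be unique per record, not secret, which is why it can be stored beside the digest.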

As Forbes reports, Vickery struggled to find someone at Kromtech who would respond to the security issue:

Vickery said he attempted to disclose the problem to Kromtech, the owner of MacKeeper, over the phone yesterday evening, but was initially unable to get through. After he posted about the issues on Reddit, the company responded, dealing with the disclosure over email in an amicable manner. Within hours of learning of its error, MacKeeper said it had fixed the problem, thanking Vickery.

You can read Kromtech’s security advisory to customers here, where the company says it is reviewing its security measures.

But come on. Let’s be serious. MacKeeper is supposed to be a security product – and yet it stores passwords that weakly? Its users’ details are left on servers open to anyone on the internet, capable of being accessed without any form of authentication?

Not good. Not good at all.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “MacKeeper carelessly leaves 13 million Mac users exposed”

  1. StefanL

    Thanks for this info.
    Luckily for me I took your earlier advice about using a password manager to generate unique passwords for each website/application.
