MacKeeper loses control of user data

Kromtech recently revealed a vulnerability in the data storage process of its MacKeeper software. Security specialist Chris Vickery, who alerted the company to the problem with its server, pegged the number of MacKeeper users affected at approximately 13 million in a post on Reddit.

Kromtech posted a security alert concerning the breach on MacKeeper’s website. The company fixed the error in their data storage system within just an hour of its discovery, it said.

The breach didn’t jeopardize highly sensitive data about its customers, Kromtech said. Credit card and payment details are processed by a third party, and the company’s servers do not transmit or keep billing information.

Casual discovery

While using the Shodan search engine to look for servers that require no authentication or verification and are ready to accept external connections, Vickery noticed some Internet addresses owned by Kromtech. When he checked them out, he discovered he could access a database covering Kromtech’s 13 million customers.

The database also stores user credentials, such as product-specific usernames and password hashes, for the web accounts through which customers manage their subscriptions, help and support, and product licenses.

The error of their ways

Kromtech made at least three protection errors that put its customers’ private data at risk, Kunal Rupani, principal product manager for Accellion, told TechNewsWorld.

First, it didn’t protect access to its customer database with a username and password. Second, it didn’t make the IP addresses leading to the database private so they wouldn’t show up in search engines like Shodan. Third, it used a weak hash algorithm, MD5, to protect passwords in the database.

“MD5 isn’t the most secure form of protecting passwords,” Chris Ensey, chief operating officer of Dunbar Cybersecurity, told TechNewsWorld. “It’s commonly broken. It’s an algorithm that’s used to obfuscate but not fully encrypt passwords.”
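The MD5 weakness described above, and one way a defender can strengthen hashes that are already stored, shown as an added example that is not Kromtech's code. It wraps each legacy MD5 hash in salted PBKDF2 from Python's standard library (a substitute chosen for portability); the function names, iteration count and sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def legacy_md5(password: str) -> str:
    """The weak scheme: unsalted, fast MD5 (kept only to read old records)."""
    return hashlib.md5(password.encode()).hexdigest()


def stretch(md5_hex: str, salt: bytes) -> bytes:
    """Slow, salted derivation applied on top of the legacy hash."""
    return hashlib.pbkdf2_hmac("sha256", md5_hex.encode(), salt, ITERATIONS)


def upgrade_record(md5_hex: str) -> dict:
    """Wrap an existing MD5 hash without needing the user's password."""
    salt = os.urandom(16)  # unique per record
    return {"scheme": "pbkdf2(md5)", "salt": salt, "hash": stretch(md5_hex, salt)}


def migrate(db: dict) -> dict:
    """Upgrade every stored record in one pass; the MD5 values can then be dropped."""
    return {user: upgrade_record(md5_hex) for user, md5_hex in db.items()}


def verify(password: str, record: dict) -> bool:
    """Recompute md5 -> pbkdf2 at login and compare in constant time."""
    candidate = stretch(legacy_md5(password), record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


# Constructed sample data: two users who chose the same password.
LEGACY_DB = {"alice": legacy_md5("hunter2"), "bob": legacy_md5("hunter2")}

if __name__ == "__main__":
    # Unsalted MD5: equal passwords give equal hashes, so one lookup covers both.
    print("legacy hashes equal:", LEGACY_DB["alice"] == LEGACY_DB["bob"])
    new_db = migrate(LEGACY_DB)
    # After wrapping, per-record salts make the stored values differ.
    print("upgraded hashes equal:", new_db["alice"]["hash"] == new_db["bob"]["hash"])
    print("correct password accepted:", verify("hunter2", new_db["alice"]))
    print("wrong password accepted:", verify("hunter3", new_db["alice"]))
```

Wrapping is a stopgap for records whose plaintext is unknown; on the next successful login the record can be rehashed directly with the slow function and the MD5 layer removed.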

Time for hackers to act

Kromtech was familiar with the weaknesses of MD5 and ready to change how it hashed passwords before Vickery notified it of its database vulnerability, Kromtech spokesman Bob Diachenko said.

“During the last two days, we implemented a comprehensive internal review and [are] considering other options, like Blowfish,” he told TechNewsWorld.

Vickery was the only real outside party interacting with its customer database before the company closed the security gap he brought to its attention, Kromtech said.

“Although Chris Vickery was good about not posting details about how to access the database, it’s entirely possible that hackers could have figured it out once they knew the database was there,” said Thomas Reed, director of Mac offerings at Malwarebytes.

Moreover, the database was exposed to Net marauders for longer than Kromtech would like the general public to believe. Kromtech told Vickery the security gap was introduced when the company reconfigured its servers a week ago, Vickery said in a conversation with security blogger Brian Krebs. A number of the Shodan search records pointing to the database dated back to mid-November.

“This breach is only the latest in a series of missteps by Kromtech and their predecessor, ZeoBIT,” Reed said. “Earlier this year, hackers pushed malware that took advantage of a MacKeeper vulnerability to install silently on some Macs with MacKeeper installed,” he added.

Advice for users

Considering the security gap Vickery discovered, MacKeeper users should update their account details and passwords as a precautionary measure. “If they use the same password on any other accounts, they should change those as well, using a different password than the one they’re using with Kromtech,” Reed recommended.

Users should also stay up-to-date with MacKeeper updates and be cautious about any communication received from the company, Ensey said.
