MacKeeper Data Breach

MacKeeper, an increasingly popular MacBook optimization tool suite designed to improve overall system speed, has been revealed to have unintentionally exposed several MongoDB instances containing sensitive customer data. To make matters worse, the news became public through a Reddit post by security enthusiast Chris Vickery after many unsuccessful attempts to contact the company about the breach. Over six hours after the news reached Reddit, the post had been upvoted to #1 on the Apple subreddit, still without any response from MacKeeper.

Chris personally described the discovery as almost a complete accident, stating he simply got bored and decided to do a “port 27101” search on the popular search engine Shodan. This is a port commonly associated with MongoDB, so finding an open database isn’t entirely shocking and was most likely his intention. However, the fact that the database contained over 13 million sets of customer information is particularly concerning.

Chris announced that the information he obtained included names, email addresses, usernames, password hashes, computer name, IP address, software license and activation codes, type of hardware, type of subscription, phone numbers, and serial numbers. Payment information such as credit card numbers was not part of this breach because it was processed and stored on alternate servers, but it should be noted that the passwords were weakly hashed with MD5 without any salts. Overall, the data in this breach is significantly less valuable than that of some higher-profile breaches like Target or Home Depot. This raises the question, “How should the severity of data breaches be determined?” Is it the quality of the data? The responsiveness of the company in owning up to the mistake? Or simply the level of negligence that caused the breach?


Fabrice Mouret