MacKeeper: potential security breach

If you have ever registered a copy of MacKeeper, you might like to think carefully about how you want to respond to news of a major security hole which could have exposed your registration information on the Internet.

According to Thomas Fox-Brewster, writing for Forbes, it was recently discovered that the MacKeeper registration database was exposed to access from the Internet. Security researcher Chris Vickery was able to access names, email addresses, usernames, password hashes, phone numbers, IP addresses, system information, software licenses, and activation codes, for up to 13 million MacKeeper customers.

As the password hashes were weakly protected, using MD5, it is possible that intruders may have cracked some or all of the accessible passwords. It is not known whether there has been any malicious intrusion, though, and it is quite feasible that no one other than Vickery has done so.

MacKeeper’s owner, Cromtech, has yet to comment on their website. They have at least closed off this gaping hole, and are transitioning to more secure hashing of passwords too.