Up to 13 million users of MacKeeper, a dubious suite of utilities meant to "improve" the performance of your Mac (usually advertised with annoying "pop-under" ads on websites), may have had their usernames, passwords, and other information exposed. This is according to a report from KrebsOnSecurity, which says that security researcher Chris Vickery stumbled upon a "trove" of MacKeeper user information online:
"IT helpdesk guy by day and security researcher by night, 31-year-old Chris Vickery said he unearthed the 21 gb trove of MacKeeper user data after spending a few bored moments searching for database servers that require no authentication and are open to external connections."
For its part, Kromtech, the developer of MacKeeper, says that it has been in touch with Vickery and has since patched the vulnerability in its data storage system:
"Kromtech is aware of a potential vulnerability in access to our data storage system.
"We are grateful to the security researcher Chris Vickery who identified this issue without disclosing any technical details for public use. We fixed this error within hours of the discovery. Analysis of our data storage system shows only one individual gained access performed by the security researcher himself. We have been in communication with Chris and he has not shared or used the data inappropriately."
Still, this is just another reason to avoid MacKeeper altogether. Aside from using predatory advertising techniques to "scare" customers into trying the software, MacKeeper has been shown to have critical security flaws in the past, and has even been the subject of a class-action lawsuit over deceptive advertising techniques that ultimately ended in refunds being issued.