A database with 13 million MacKeeper accounts was available via Shodan

MacKeeper developer company constantly reminds owners of Apple Mac computers that they need protection. Today, the company itself needs protection after the base of 13 million user accounts of MacKeeper was in open access.

The most interesting thing is that the database was open to all comers via the Internet, it is enough to make a simple query in the search engine Shodan.io.

port:27017 

The database contains names, phone numbers, emails, user names, password-free MD5 hashes, computer identifiers, serial numbers, IP addresses, software license and activation codes, equipment type, and MacKeeper subscription type.

The discovery was reported on Monday by security specialist Chris Vickery in a comment on the Reddit forum.
')
The specialist downloaded the database and then notified Kromtech (the owner of MacKeeper).



Kromtech closed the hole for several hours and reported that analyzing the logs on the server shows one-time access to the files. That is, there is hope that, apart from Chris Vickery, no one has guessed to implement such a request for Shodan.

Chris Vickery found four IP addresses that could be used to access data.

“The search engine Shodan.io indexed their IP addresses as MongoDB publicly available instances (as some have already guessed),” Vickery commented. “I’ve never heard of MacKeeper or Kromtech before last night, I just stumbled upon them when, out of boredom, I launched a random query" port: 27017 "in Shodan."

Search engine Shodan is designed to search for servers, routers, network devices and everything else that is connected to the Internet. Users can filter queries to locate equipment by manufacturer, by function, or geographic location.

Representatives of Kromtech said that they had launched a "comprehensive internal investigation" of the incident and increased security measures.