13 Million Exposed in MacKeeper Exploit

It was discovered about two weeks ago that MacKeeper, an antivirus company, utilized lax security measures, leaving 13 million customer records exposed.

A Reddit user showed how they were able to download customer records including emails, usernames, phone numbers, IP addresses, system information, real names and password hashes.  The passwords were using MD5 hashes, which is a relatively easy algorithm to crack.  All of this information was accessible by simply entering an IP address; usernames and passwords were not required.

The Reddit user alerted Kromtech, the developer of MacKeeper, upon discovery of the vulnerability and the database was secured within a few hours.  It's not known if the exploit was known an used by hackers.  MacKeeper says that nobody accessed any illicit information, but it would be wise to update passwords on MacKeeper accounts.

MacKeeper purports to optimize Apple machines while protecting them from viruses and malware, although they settled a class action lawsuit for $2 million a few weeks ago based on supposedly unrealistic claims.