Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MacKeeper Exposes Data on 13 Million Customers
- Thread starter MacRumors
- Start date
- Sort by reaction score
I suspect most of 13 million users were mislead into installing the app via fake Flash updater.
Amen to that. A loathsome company and product and no surprise that they have been so cavalier with the details of their customers.
I did. I thought it was legit. Even though I was also a member of MR.
What many tech professionals don't get is that most people simply want something that works easily, and are not necessarily experts. Moreover, nor have they the time - and/or knowledge to know the difference between what is good, and what is a parasitic and horrible product.
Anyway, I was one of those who succumbed to the advertising, and found the damned thing impossible to remove - eventually, I had to get it removed professionally.
I wish some criminals like Anonymous would DDoS these guys and similar companies like Conduit. Seems that no legitimate organization ever takes them out until way after the harm has been done. You know what, they ought to screw up Yahoo! too while they're at it. I find it suspicious (an understatement) how many installers for Windows software try to sneak in a Yahoo! browser hijacker, and I've seen a lot of malware creating Yahoo! popups in browsers. As far as I'm concerned, Yahoo! is a malware company.
I avoid any kind of "optimization" tool. Not worth the risk of it being illegit or, even more likely, just ineffective. Even if it works, it could cause havoc with OS updates. Seems that my Mac should be working optimally out of the box anyway. The only thing I've installed is TRIM Enabler because I've got a third-party SSD, so my Mac is neither "out of the box" nor fully Apple-supported, and I'm perfectly aware of why I need TRIM Enabler for it.
Well, now ya know
I avoid any kind of "optimization" tool. Not worth the risk of it being illegit or, even more likely, just ineffective. Even if it works, it could cause havoc with OS updates. Seems that my Mac should be working optimally out of the box anyway. The only thing I've installed is TRIM Enabler because I've got a third-party SSD, so my Mac is neither "out of the box" nor fully Apple-supported, and I'm perfectly aware of why I need TRIM Enabler for it.
Last edited:
Two equally likely scenarios in my mind:
1) They really have no concern for protecting the information of their customers
2) They published a fake DB as a honeypot hoping someone would find it and publish that they have 13 million users.
My parents get that same phone call, almost verbatim, multiple times weekly. Best part is they don't own, and have never owned, a computer. (Yeah, it's sad lol.) Just goes to show just how much time some are willing to invest into phishing, all they had was a phone number. It also sadly means they obviously profit if they continue to sink the time into it.
I once helped a person who called 1800 number, gave the company access to their computer, paid $400 electronically and then walked away while the company "CLEANED" their computer. Wow!
Anti-virus company MacKeeper is making headlines today for its lax security on a customer database that contained 13 million customer records complete with names, email addresses, usernames, password hashes, phone numbers, IP address, and system information.
As shared in a reddit post, Chris Vickery (via Forbes) was able to download the records simply by entering an IP address, with no username or password required to access the data, a major security oversight on MacKeeper's part.
MacKeeper was also using MD5 hashes for passwords, a weak algorithm that's easily bypassed using an MD5 cracking tool. As Vickery says, MacKeeper (and parent company Kromtech) "appears to have no respect for the privacy of its users' data or the integrity of their information."
Vickery did not share details on the exploit and immediately contacted Kromtech about the oversight. Using Vickery's information, Kromtech secured the database after several hours, and nobody with malicious intent was reportedly able to get ahold of customer details. With the exploit fixed, Vickery explained how he accessed the data.For those unfamiliar with MacKeeper, it is Mac software that purports to optimize a Mac and keep it secure from viruses and malware, tricking people into a purchase with unrealistic claims. Earlier this month, a class action lawsuit led to a $2 million settlement that will see MacKeeper providing refunds to customers who purchased the software and would like their money back.
Though MacKeeper says Vickery was the only person to access the information, MacKeeper customers should still change their passwords and passwords on sites that used the same password as the MacKeeper password.
Article Link: MacKeeper Exposes Data on 13 Million Customers
When will people realize that you can't click on everything that's on the web. Use common sense. Protect your computer like your bank account. It's an investment, especially if it's a MAC.
I had wondered how MacKeeper had been able to pollute, ahem advertise so widely throughout the [forced pop-up] Internet. The answer would seem to be, the company somehow has managed to trick a 13m install base into helping in its operating costs of regularly messing up and interrupting my, and others' surfing.
I despise this company!
I despise this company!
What a horrible thing to say. Many of these people were probably new converts to Apple or elderly and didn't know any better. Not everyone is technologically inclined. Get off your high horse.
The amount of people that come into my store with this issue is STAGGERING. Malwarebytes has been a blessing but it doesn't remove everything. Many times we have to go into the System Library to remove the remnants or it'll just re-appear upon restart.
Not that they deserved it... But anyone that signed up for this was pretty much asking for it - that said, I'm pretty sure the people who signed up are also not terribly tech-savy so I kind of feel a bit sorry for them! It's pretty misleading to describe it as 'Anti-Virus' here though tbh.. It almost lends it credibility!
It's not about being technologically savvy. It's about using common sense. If you get a popup that says you have a Microsoft error Trojan...that's a red flag, especially if you're not running any MS software. If you don't know the difference between the basic software running on your computer(you probably bought a Mac because they rarely if ever get viruses) and the error message you're getting maybe you should go back to a PC.
Just sayin.
Victim-blaming is 100% ********. Don't fall into that trap.
The only people who deserve anything are the Mackeeper people, and we all know what they deserve.
There's no way they have 13 million users that fell for their scam.
The might have duplicated 130,000 customers 100 times in their DBs but they can't have 13 million customers.
The might have duplicated 130,000 customers 100 times in their DBs but they can't have 13 million customers.
Can this company, software and their ads die already?
I think Apple should include a note with every Mac purchase to tell the mac newbies to avoid this crap at all cost!
I think Apple should include a note with every Mac purchase to tell the mac newbies to avoid this crap at all cost!
It must have been hard to say that with a straight face!
There are already ways for them to do that. Has Apple already revoked their developer license? If not, they should! People would try to install it and get the "unidentified developer; you should throw this in the trash" message. Apple could/should also add it to the quarantine list, preventing anyone from opening it.
The victims do deserve all of MacKeeper's funds distributed to them
And MacKeeper deserves, let's see... an angry mob burning their servers?
Last edited:
Firstly, they managed to get 13 million customers, wow!
Secondly, someone even bothered to hack in!
Thirdly, I came to know today that it is a legit software, all while long i thought its some sort of spyware.
Secondly, someone even bothered to hack in!
Thirdly, I came to know today that it is a legit software, all while long i thought its some sort of spyware.
All I can say is LOL. Not for the people who got breached, but just for the overall situation of it all.