Questions? Feedback? powered by Olark live chat software

MacKeeper and the 13 Million Member Data Breach

If you own a Mac computer or laptop, it is more than likely that you have come across an advertisement for a program titled MacKeeper. MacKeeper is a Mac maintenance utility developed by Zeobit that claims to be anti-virus software. However, it has often been described as a scam and has been the subject of multiple lawsuits over the past few years. It has been scrutinized for its aggressive advertising methods and has become the heaviest advertiser to Mac users with roughly 60 million ad impressions per month. Through pop-up ads, affiliates, and numerous paid-for reviews and websites the company has made numerous efforts to hide that fact that a majority of users eventually classify the program as malware – the exact problem the software claims to fix. It is notoriously hard to remove from your system, much like other forms of malware. In fact, one of the top organic results when searching for MacKeeper is a thread from Apple’s forums titled, “Do not install MacKeeper”, with instructions on how to uninstall the software.  


The now parent company Kromtech, has faced multiple lawsuits over the credibility of their MacKeeper software with many users claiming their program does not work as advertised.  The company recently lost a $2 million lawsuit in May of 2015 claiming the company exaggerated security concerns of the Mac during use of the trial period, forcing users to purchase the full license. Despite not admitting any wrongdoing, the company has agreed to refund the purchase price for all those who felt cheated. Similar lawsuits have been filed on the basis of false advertising with the claim that neither version of the software performs any credible diagnostic testing.

Kromtech and MacKeeper made headlines again this past Sunday, but this time for accidently exposing 13 million users’ private data. The details included names, phone numbers, passwords, user names, and email addresses. According to white-hat security researcher Chris Vickery, he was able to access and obtain this sensitive data simply due to poor security practices by the previous and current developers Zeobit/Kromtech. He claims that the server and database was completely unprotected with “no log in required at all”. Had this lack in security been found by a malicious party, and not a security researcher, Vickery claims they could have easily paired user passwords with personal computer names, serial numbers, IP addresses, and even more personal information. Kromtech has since been made aware of the breach and now believe everything is secure after locking down the initial server and securing three IP addresses which were leaking data.

While MacKeeper is just the most recent in the line of data breach stories, users must always be careful when giving out personally identifiable data. Companies big and small all feel immune to data breaches and hacks, and not all are fortunate enough to have it happen by a security expert before a malicious hacker. Even with basic security measures in place, there is potential for a data breach if you are not allowing a professional to constantly monitor your network and keep your security protocols up to the current best practices. For more information on how to ensure your organization’s network is secure, check out our Security & Infrastructure page and reach out to an engineer today for an on-site Security Risk Assessment.