Friday, October 21, 2016

Safety specialist promises to possess saved sensitive information from 13M balances of scamware app MacKeeper

As though conning people out-of cash to get a bit of scamware that does nothing helpful weren’t poor enough, a safety investigator promises that excessively bad protection has permitted him to gain access to sensitive information for significantly more than 13M MacKeeper balances.

I’ve recently saved more than 13 thousand delicate bill particulars associated with MacKeeper, Zeobit, and/or Kromtech […] material like titles, e-mail details, usernames, password hashes, pc title, IP, software permit and service rules, kind of equipment (ex: “macbook pro”), kind of subscribers, phone numbers and pc serial numbers.

The information was utilized by white hat investigator Chris Vickery, who formerly uncovered information breaches at MLB, ATP, Slipknot and a network of constitution K12 colleges in Florida …

Vickery, who published a screenshot of the file construction (under), stated on Reddit the host was totally unprotected.

Six hours after producing this article (and it being at the most effective of the Apple subreddit), the repository continues to be totally unprotected […] No sign in needed at all.

The investigator also mentioned that while accounts were encoded, the machine utilized was exceptionally fragile.

MD5 without any salt… therefore really fragile hashing

Vickery claims he may expose additional information about how exactly he could access the information following it has been guaranteed by the organization.

Should you’re searching for real software to wash and accelerate your Mac, check out our roundup.


You can follow on Twitter or join our Facebook page to keep yourself updated on all the latest from Apple and the Web.