This fact was made painfully clear when Chris Vickery, a security researcher, stumbled upon their MongoDB sitting exposed on the internet using a Shodan search. Vickery was bored (according to his Reddit post) and just ran a search for port:27017. What he got back was very surprising.

Vickery found that the MongoDB was open to the world. There was no authentication, no user verification and there were about 13 Million MacKeeper users exposed. The exposure was not just user names, but IP addresses and other information. Fortunately Kromtech uses a third party payment system or we are fairly certain that Credit Cards would be exposed.

Vickery contacted Kromtech and informed them of the issue. They were fairly quick in responding and patched up the one exposed IP. Vickery found two additional IPs that were leaking the data and had to go back to Kromtech to get them to fix those openings. As of this writing it seems that these systems are no longer open to the world, but we do wonder if the fix was simply to obscure the data rather than one that properly protects it.

This incident, although involving a less than loved vendor, illustrates one of the problems with how vendors and developers view security. We are fairly certain that Kromtech did not intentionally expose user data. They simply did not understand what was happening. It is their responsibility to understand and to be paranoid about their user information. Sadly this is not common practice and user information is far too often the casualty of this type of failure…