MacKeeper fails to keep 13 million Mac users safe

pj999
pj999
Community Member
edited December 2015 in Lounge

Any comments about this and should 1Password users be concerned? http://tinyurl.com/zp9oz9u


1Password Version: 5.4.1
Extension Version: 4.4.3
OS Version: OSX 10.11.2
Sync Type: Not Provided
Referrer: kb:private-by-design

Comments

  • khad
    khad
    1Password Alumni
    edited December 2015

    Hi @pj999,

    Thanks for taking the time to contact us.

    The issue reported in that Naked Security blog post only affects MacKeeper users. They store user data but failed to properly protect it. I see you came from our "Private by Design" document, so you may have already read this there, but we have gone to great lengths to create 1Password in such a way that we simply don't have the kinds of data about folks that MacKeeper stores.

    As a consequence of our privacy design:

    • Your privacy is protected even if our servers are compromised.
    • Your privacy is protected even if we are compelled to turn evil.
    • Your privacy is protected even if we turn evil of our own accord.

    In other words, we cannot lose, use, or abuse data that we never collect.

    In an ideal world, 1Password users would be savvy enough to never fall for an app like that. However, with a user base of 13 million, it is certainly likely that some 1Password users also used MacKeeper.

    We have added MacKeeper to our Watchtower service, so 1Password users will be alerted to the matter:

    http://watchtower.agilebits.com/check?h=account.mackeeper.com&port=443

    If we can be of further assistance, please let us know. We are always here to help!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Another point I wanted to address is that so long as you're using unique passwords for any site or service (which you can handily store in 1Password, rather than having to memorize them all), then a breach like this doesn't have to be the end of the world: none of your other logins will be affected, and you can change the password for the one that was part of a breach. That's the security angle.

    The privacy angle is that while this doesn't mitigate any loss of personal data due to a breach, it at least doesn't expose potentially countless other sources of private data (which would be the case with password reuse). This isn't exactly good news, but it's less bad at least.

  • wkleem
    wkleem
    Community Member

    It doesn't surprise me that MacKeeper doesn't keep their users safe as they are in my opinion, MAC malware or scareware.

    Try doing a search on MacKeeper?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: Indeed, I've never used it personally, but I regularly encounter their ads (offering to 'clean and secure my Mac', usually when I'm on my PC) that try to trick me into signing up...and giving them my personal information, which of course would have been exposed by this. Not a fan. :angry:

This discussion has been closed.