MacKeeper discovered 13 million Earbits.com account records that were left exposed on a database server.
How many victims? 325,000
What type of information? Security researcher Chris Vickery said the exposed Earbits database contained users’ real names, email addresses, SHA1 password hashes with accompanying salts, IP addresses, and the access keys to Earbits’ Amazon S3 account.
What happened? On January 19, 2016, security researcher Chris Vickery published a blog post on MacKeeper stating that Earbits was leaking its users’ account details. He sent an email to the independent Internet radio station over the holiday weekend.
What was the response? According to Vickery, the company wrote back a few hours later to request the IP address and port of the exposed database in order to address the security flaw immediately. After the email exchange, he checked to see if the data was still accessible, and found that it had already been fixed. As a result, he believes Earbits was able to locate the exposed data using only his description and screenshot.
Details? Vickery wrote, “At this point, it is unknown how long the database remained exposed to the world and whether Earbits will be notifying its users of the breach. It would be a good idea for all Earbits users to change their password for the site and their password on any other site that may have used the same password.”