| Recurring |
one_organization, multiple_organization |
(a) The MacKeeper breach is not the first time the company has faced issues. Zeobit, which owned MacKeeper before it was sold to Kromtech, paid $2 million in August to settle a class-action lawsuit that accused it of deceptive advertising and making false claims [57485].
(b) The MacKeeper breach is part of a larger trend of high-profile compromises of personal data; other organizations hit by hackers include the US government, health insurer Excellus BlueCross BlueShield, Home Depot, and Target [57485]. |
| Phase (Design/Operation) |
design, operation |
(a) The design-phase failure can be attributed to the security hole in the MacKeeper software that exposed the personal information of millions of users. The breach was due to a security hole that allowed public access to data without username and password authentication. Security researcher Chris Vickery discovered this vulnerability while browsing the search engine Shodan.io, indicating a flaw in the design or implementation of the security measures [57485].
(b) The software failure incident related to the operation phase can be seen in the misuse of the MongoDB database management system by the company. The data breach occurred because the MongoDB database was left publicly accessible without any protection measures, allowing unauthorized access to sensitive customer information. This operational oversight led to the exposure of user data and highlights a failure in the operational practices of the company [57485]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident related to MacKeeper's breach was primarily due to a security vulnerability within the system itself. The breach exposed the personal information of millions of users due to a hole in its security that allowed unauthorized access to usernames, email addresses, and other data [57485]. The breach was discovered by a security researcher who found the vulnerability through a random search on a database management system, MongoDB, without the need for username and password authentication. The company acknowledged the error and quickly fixed the issue after it was brought to their attention [57485].
(b) outside_system: There is no specific information in the article indicating that the software failure incident was primarily due to contributing factors originating from outside the system. The breach was a result of a security vulnerability within the system itself, which allowed external access to sensitive user data. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident in this case occurred due to non-human actions. The breach in MacKeeper's security was discovered by security researcher Chris Vickery through a random search on the search engine Shodan.io, which revealed open access to data without the need for username and password authentication [57485].
(b) The software failure incident was not due to contributing factors introduced by human actions. The breach was a result of a security vulnerability in MacKeeper's system that allowed public access to sensitive customer data without the need for authentication, rather than being caused by intentional human actions [57485]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The breach in MacKeeper's security was due to a hole in its security that exposed the personal information of millions of users [57485].
- Security researcher Chris Vickery discovered the security hole while browsing search engine Shodan.io, where he found four different IP addresses associated with Kromtech offering public access to data without the need for username and password authentication [57485].
(b) The software failure incident related to software:
- The breach in MacKeeper's security was attributed to a vulnerability in its data storage system that allowed unauthorized access to customer data [57485].
- The software flaw allowed public access to troves of data without the need for username and password authentication, indicating a software-related issue in the security implementation [57485]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident related to the breach of MacKeeper's data was non-malicious. The breach was due to a security hole that exposed the personal information of millions of users. Security researcher Chris Vickery discovered the vulnerability while browsing search engine Shodan.io and found that the data was publicly available without the need for username and password authentication. Kromtech quickly closed the hole after being notified by Vickery, and the company stated that only one individual (the security researcher) gained access to the data. Kromtech also mentioned that they had no evidence the data was accessed by malicious parties [57485]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) Poor decisions contributed to the MacKeeper breach. The breach occurred due to a security hole in the software that exposed the personal information of millions of users. This vulnerability was discovered by security researcher Chris Vickery, who found that the data was publicly available without any protection, as the company had left it open on the web without requiring any authentication [57485]. This indicates a poor decision on the part of the company not to adequately secure the data of its users, leading to the breach. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the breach of MacKeeper's security, where a hole in its security exposed the personal information of 13 million customers. The breach was discovered by security researcher Chris Vickery, who found that the data was publicly available without the need for username and password authentication. This indicates a lack of professional competence in securing sensitive customer information [57485].
(b) The software failure incident related to accidental factors is highlighted by the discovery of the security hole by Chris Vickery in a moment of boredom while browsing search engine Shodan.io. The exposure of customer data was accidental as it was publicly available without any intentional exploitation or vulnerabilities involved. Vickery stumbled upon the breach through a random search query, indicating an accidental discovery of the security vulnerability [57485]. |
| Duration |
permanent |
(a) The software failure incident in the article appears to be permanent in nature. The breach exposed the personal information of millions of MacKeeper users due to a security hole in the software. The company acknowledged the breach and said it fixed the error within hours of its discovery by a security researcher [57485].
The breach allowed public access to data without the need for username and password authentication, indicating a significant security flaw in the software. The ease with which the hacker was able to access customer data raises concerns about the overall security of the software and the potential existence of other vulnerabilities waiting to be discovered [57485]. |
| Behaviour |
other |
(a) crash: The incident involving MacKeeper was not a crash where the system lost state and did not perform any of its intended functions. Instead, it was a breach that exposed personal information of millions of users [57485].
(b) omission: The incident was not due to the system omitting to perform its intended functions at an instance(s). It was primarily a security breach that exposed user data [57485].
(c) timing: The incident was not related to the system performing its intended functions correctly but too late or too early. It was a breach that occurred due to a security vulnerability in the system [57485].
(d) value: The incident was not due to the system performing its intended functions incorrectly. It was a breach that exposed personal information of users [57485].
(e) byzantine: The incident was not characterized by the system behaving erroneously with inconsistent responses and interactions. It was primarily a security breach that exposed user data [57485].
(f) other: The behavior of the software failure incident in this case was a security breach that exposed personal information of millions of MacKeeper users due to a security vulnerability in the system [57485]. |