Kromtech, the manufacturer of MacKeeper, software that is designed to keep Macintosh computers secure, announced this week that a security vulnerability exposed the usernames, email addresses and other personal information of over 13 million users.

The vulnerability was discovered by a security researcher, who published the vulnerability online and notified Kromtech of the issue. According to the researcher, the data was publicly available on the open web. Kromtech fixed the hole after being notified of the vulnerability and reiterated to customers that no payment information or other sensitive information was involved. Lesson? Even software designed as a security product might not be secure enough.