Keenetic has reported a major data breach of users (mostly from Russia) related to the exposure of its mobile app database online, while assessing the risk of fraudulent activity as low.
The leak exposed sensitive credentials, device information, network configurations and logs, including WiFi keys and MD5 and NT password hashes of local accounts.
As Cybernews reports, their research team received an anonymous tip, as well as samples and other information confirming the fact that Keenetic users were compromised.
Researchers confirmed that the leak includes everything from WiFi passwords and router configurations to detailed maintenance logs.
Attackers with access to this data can infiltrate vulnerable networks, monitor or intercept traffic, and compromise additional connected devices.
According to an anonymous source, the exposed records include:
– 1,034,920 records with user data (email addresses, names, locations, Keycloak identifiers, etc.);
– 929,501 records with information about devices (SSIDs, WiFi passwords in plain text, device models, serial numbers, interfaces, MAC addresses, domain names for external access, encryption keys and much more);
– 558,371 device configuration records (user access information, vulnerable MD-5 hashed passwords, assigned IP addresses, and advanced router settings);
– detailed service logs containing over 53,869,785 entries (hostnames, MAC addresses, IP addresses, access details, and even “owner_is_pirate” flags).
Keenetic acknowledged the incident and explained that on the morning of March 15, 2023, an independent researcher informed them of the possibility of unauthorized access to the Keenetic mobile application database.
After checking, Keenetic immediately resolved the problem, the same day.
According to the supplier, the researcher assured him that he did not share the data with anyone and destroyed it altogether.
Since then, Keenetic has not received any evidence that the database was compromised or any user was affected as of February 2025.
Keenetic did not confirm or deny the specific figures, but stated that the leak affected mobile app users who registered before March 16, 2023.
It remains unclear at this time who may have had access to the data, who leaked it, or whether it is available anywhere else.
However, the researchers recommend that Keenetic users immediately change WiFi names (SSIDs), passwords, and router admin passwords, and reset all other credentials used on the networks.
https://keenetic.com/global/company
