Table of Contents
A significant data breach has compromised the personal and network information of over one million users of Keenetic routers, predominantly in Russia. The leaked data includes sensitive credentials, device configurations, and extensive service logs, heightening the risk of unauthorized network
Scope of the Breach
An anonymous source recently alerted Cybernews to a substantial data leak affecting users of Keenetic routers. The breach encompasses a wide array of sensitive information, notably:Cybernews+1Cybernews+1Keenetic Community
- User Data: Over 1,034,920 records containing emails, names, locale settings, identity management IDs, and Telegram Code IDs.
- Device Information: Approximately 929,501 records detailing Wi-Fi SSIDs and plaintext passwords, device models, serial numbers, MAC addresses, and domain names for external access.
- Configuration Records: Around 558,371 records revealing user access details, MD5-hashed passwords, assigned IP addresses, and comprehensive router settings.
- Service Logs: An extensive collection of over 53,869,785 records, including hostnames, MAC addresses, IP addresses, access details, and flags indicating potential unauthorized activities.
This extensive dataset equips malicious actors with the tools necessary to infiltrate and commandeer affected networks, posing severe privacy and security risks.Cybernews
Keenetic's Response
Keenetic acknowledged the incident, stating that on March 15, 2023, an independent IT security researcher informed them of potential unauthorized access to the Keenetic Mobile App database. The company claims to have promptly addressed the issue and received assurances from the researcher that the data was neither shared nor retained. However, Keenetic reported no indications of further compromise until late February 2025.
Potential Implications for Users
The exposure of such detailed information significantly elevates the risk of cyber threats:
- Unauthorized Network Access: With access to Wi-Fi credentials and device configurations, attackers can infiltrate networks to monitor or intercept traffic and compromise connected devices.
- Credential Exploitation: The presence of MD5-hashed passwords, known for their vulnerabilities, could allow attackers to crack these hashes and gain administrative access to devices.
- Targeted Attacks: Detailed user information, including emails and identity management IDs, could be leveraged for phishing campaigns or identity theft.
Historical Context
This incident is not isolated. Approximately 11 months prior, vulnerabilities were identified in several Keenetic router models (KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910) running firmware up to version 4.1.2.15. These vulnerabilities, disclosed publicly, allowed remote information disclosure through specific endpoints like /version.js
and /ndmComponents.js
. The vendor was notified but reportedly did not respond at the time.
Security Measures and Recommendations
In light of this breach, affected users should take immediate actions to mitigate potential risks:
- Change Wi-Fi and Administrative Passwords: Update all passwords associated with the router and connected devices to strong, unique combinations.
- Update Firmware: Ensure the router's firmware is updated to the latest version to patch known vulnerabilities.
- Disable Remote Management: If not required, turn off remote management features to reduce exposure to external threats.
- Monitor Network Traffic: Regularly review network activity for any unauthorized devices or unusual patterns.
- Implement Network Segmentation: Separate critical devices from less secure ones to contain potential breaches.
Conclusion
The Keenetic router data breach underscores the critical importance of robust cybersecurity practices for both manufacturers and users. As routers serve as gateways to personal and business networks, securing them against vulnerabilities is paramount to safeguarding sensitive information and maintaining trust in digital infrastructures.