Network equipment manufacturer Keenetic has disclosed a significant data breach affecting their mobile application’s database. The security incident impacts users who registered their accounts prior to March 16, 2023, potentially exposing sensitive user information and device details.
Security Breach Discovery and Initial Response
The vulnerability came to light when an independent security researcher alerted Keenetic to potential database compromise in mid-March 2023. The company’s technical team promptly verified and patched the security flaw on March 15, 2023. Initially, the researcher assured Keenetic that the acquired data had been destroyed without being shared with third parties.
Compromised Data Scope and Impact Assessment
On February 28, 2025, the situation escalated when Keenetic learned that portions of the compromised data had been shared with an unnamed media outlet. The exposed information includes:
– User account names
– Email addresses
– Password hashes
– Device MAC addresses
– Equipment serial numbers
– Router model identifications
Critical Infrastructure Security Status
In their security assessment, Keenetic has confirmed that critical security infrastructure remained uncompromised. The breach did not affect:
– VPN tunnel configurations
– Private encryption keys
– RMM account credentials
– Financial information
– Payment processing data
Essential Security Measures for Affected Users
Cybersecurity experts recommend that affected users implement the following security protocols immediately:
– Reset Keenetic account passwords using strong, unique combinations
– Generate new authorization keys for mobile application access
– Update router administrator credentials
– Regenerate WireGuard VPN keys if applicable
While the risk of malicious exploitation remains relatively low due to the nature of the compromised data, Keenetic has taken proactive steps by notifying relevant data protection authorities. The company has implemented enhanced security measures to prevent similar incidents and continues to strengthen its data protection infrastructure. Users are advised to remain vigilant and monitor their accounts for any suspicious activity while maintaining regular security updates and password changes.
