Network equipment manufacturer Keenetic has disclosed a data breach affecting users of its mobile application. The incident was originally discovered in March 2023, when an independent security researcher reported a vulnerability allowing access to the application’s database. Two years later, in February 2025, Keenetic learned that portions of the compromised data had been shared with an unnamed media outlet — prompting public disclosure to affected users.
Timeline of the Breach
The security incident unfolded across two distinct phases:
- March 15, 2023: an independent security researcher alerted Keenetic to a vulnerability in the mobile app’s backend. The company’s technical team identified and patched the flaw the same day. The researcher initially assured Keenetic the acquired data had been destroyed without being shared.
- February 28, 2025: Keenetic learned that portions of the compromised data had in fact been shared with a media outlet. This triggered mandatory data breach notifications to affected users and relevant data protection authorities.
The two-year gap between the breach and public disclosure is notable: users registered before March 16, 2023 may have had their data exposed for an extended period without notification.
What Data Was Exposed
The compromised mobile app database contained the following user and device information:
- User account names and email addresses
- Password hashes (not plaintext passwords)
- Device MAC addresses
- Router serial numbers and model identifications
Keenetic confirmed that the breach did not affect VPN tunnel configurations, private encryption keys, RMM account credentials, or any financial or payment data.
Keenetic Router Owners Who Used the Mobile App Between 2019 and 2023
All users who registered a Keenetic mobile application account before March 16, 2023 should treat their account as potentially compromised. This includes users who:
- Used the Keenetic mobile app for remote router management
- Configured KeenDNS, WireGuard VPN, or other cloud-based features via the app
- Used the same email address and password combination on other services
The exposure of MAC addresses and router model information — while not credentials — provides an attacker with network topology data that can be useful in targeted attacks against specific networks.
Required Actions for Affected Users
- Reset your Keenetic account password immediately using a strong, unique combination not used on any other service
- Generate new authorization keys for mobile application access in the Keenetic web interface
- Update router administrator credentials — the local admin password for the router’s web interface
- Regenerate WireGuard VPN keys if you use WireGuard configured through the Keenetic cloud service
- Check credential reuse: if the exposed email/password combination was used elsewhere, change those passwords immediately and consider enabling MFA where available
The exposure of hashed passwords poses a lower immediate risk than plaintext passwords, but the risk is not zero: if hashes were captured and cracking resources are available, weak passwords can be recovered. Users with short or commonly used passwords should treat their credentials as compromised regardless of the hashing.
Keenetic has notified relevant data protection authorities and states it has implemented additional security measures to prevent recurrence.