- Keenetic suffered a data leak in 2023, but the hacker said the data were destroyed and not shared
- However, Cybernews researchers recently received a sample database
- Almost a million Russian homes are at risk, experts say.
Information about Keenetic router users, originally stolen in March 2023 and is believed to be eliminated at that time, has appeared online, which could put a million homes with a significant risk.
In a security notification published on the company’s website, Keenetic said an independent IT researcher communicated in mid -March 2023 to warn about unauthorized access to the Keenetic mobile application database.
“After verifying the nature and credibility of risk, we immediately solved the problem on the afternoon of March 15, 2023,” said the company. Keenetic was told that the data had not been shared with anyone and that they were subsequently destroyed. However, now it seems that this was not really the case, since security investigators of Cybernews Recently samples were shown through an anonymous tip.
Names, emails and text passwords without format
Cybernews He says that the number of recorded records includes more than one million emails, names, premises, Keycloak identity management system and a network code order ID and ID ID.
In addition, there were 929,501 filtered records containing SSID and Wi -Fi passwords in flat text, models of devices, serial numbers, interfaces, Mac addresses, domain names for external access, encryption keys and much more.
Then, there were 558,371 device configuration records, such as user access details, HASH passwords of Vulnerable MD-5, assigned IP addresses and expanded configurations of the router.
Finally, comprehensive services records were also leaked containing more than 53,869,785 records, including host names, Mac addresses, IPS, access details and even “owner_is_pirate” flags.
Most exposed users seem to be Russian (943,927), with 39,472 victims who are English users and 48,384 users in Turkish.
After learning about the filtration, Keenetic advised users to register before March 16, 2023, to change the passwords of the user account of their device, Wi-Fi passwords and vpn-client/pre-established keys passwords for PPTP/L2TP, L2TP/IPSEC, IPSEC SITO-A-SITE, SSTP.
Through Cybernews
