A major Keenetic router data leak could put a million households at risk

3 weeks ago 7

(Image credit: Shutterstock)

Keenetic suffered a data leak in 2023, but the hacker said the data was destroyed and not shared
However Cybernews researchers recently received a sample database
Almost a million Russian households are at risk, experts say

Information on Keenetic router users, originally stolen in March 2023 and thought to have been deleted back then, has surfaced online, potentially putting a million households at significant risk.

In a security notification published on the company’s website, Keenetic said an independent IT researcher reached out in mid-March 2023 to warn about unauthorized access to the Keenetic Mobile App database.

“After verifying the nature and credibility of the risk, we immediately resolved the issue on the afternoon of March 15th 2023,” the company said. Keenetic was then told that the data hadn’t been shared with anybody, and was subsequently destroyed. However, it now seems that wasn’t really the case, since security researchers from Cybernews were recently shown samples via an anonymous tip.

Names, emails, and plaintext passwords

Cybernews says the number of exposed records include more than a million emails, names, locales, Keycloak identity management system and Network Order IDs, and Telegram Code IDs.

Furthermore, there were 929,501 leaked records containing WiFi SSIDs and passwords in plain text, device models, serial numbers, interfaces, MAC addresses, domain names for external access, encryption keys, and much more.

Then, there were 558,371 device configuration records such as user access details, vulnerable MD-5 hashed passwords, assigned IP addresses, and expanded router settings.

Finally, comprehensive service logs containing over 53,869,785 records were also leaked, including hostnames, MAC addresses, IPs, access details, and even “owner_is_pirate” flags.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Most of the exposed users seem to be Russian-speaking (943,927), with 39,472 victims being English users, and 48,384 Turkish-language users.

After learning about the leak, Keenetic advised users who registered before March 16, 2023, to change their device user account passwords, WiFi passwords, and VPN-client passwords/pre-shared keys for PPTP/L2TP, L2TP/IPSec, IPSec Site-to-Site, SSTP.

Via Cybernews

US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article