Hey HackingBlog readers, a massive data leak involving Keenetic routers has exposed sensitive user information, leaving networks at risk. In this article, we cover the details of the breach, its potential threats, and what users need to do to protect themselves.
The Keenetic Data Leak
A major data breach using Keenetic routers, which are mostly used in Russia, took place in March 2023. Users were left open to hacking attempts due to the disclosure of sensitive data, such as network information, router setups, and login credentials. Following an anonymous report, Cybernews discovered the hack, revealing its scope and its dangers.
Details of the Exposed Data
More than a million secret files were made public by the hack. 1,034,920 user records —names, emails, and other personal information—are included in the data. 929,501 device records, including MAC addresses, encryption keys, device models, and WiFi passwords. 929,501 device records, including MAC addresses, encryption keys, device models, and WiFi passwords. 53,869,785 logs of services, detailed logs that an attacker may use to carry out further evil actions.
Cybercriminals find this data, particularly poorly hashed passwords and plain-text WiFi passwords, to be a goldmine that makes it simple for them to enter hacked networks.
Keenetic’s Response
“A limited number of database fields were accessible: Keycloak IDs, emails (logins) and names of Keenetic accounts, locales; device user account configurations, including MD5 and NT password hashes; network interface configurations, including WiFi SSIDs and preshared keys; custom KeenDNS names; WiFi channel settings, roaming IDs and keys; IP policy and traffic shaping settings; remote peer addresses, logins and passwords of VPN clients, assigned IP addresses, names and MAC addresses of registered hosts; IPsec site-to-site configurations; IPsec Virtual-IP server configurations; DHCP pool settings; NTP settings; IP and MAC access lists,”
Keenetic Said.
As soon as Keenetic discovered the breach, they took immediate action. On March 15, 2023, an independent IT researcher informed them.On March 15, 2023, an independent IT researcher informed them.
The Dangers Raised by the Disclosure
The data leak presents an important threat to security since it gives hackers everything they need to breach networks, including Complete administrative power: Attackers can take full control of impacted routers with the use of exposed admin credentials.
Remote access: By utilizing leaked domain names, hackers can gain access to networks. Cybercriminals can exploit IoT devices, gather credentials, and intercept traffic once they have access to the device and data. Attackers could reroute visitors to malicious websites by using DNS hijacking.
The intrusion, which exposed cloud backups connected to Keenetic’s router configurations, most likely started with a misconfigured server. According to reports, the server was run by NDM Systems, a software development company based in Russia that collaborated with Keenetic.
It Is highly suggested following these steps for all Keenetic users who have not updated their login information in the previous two years. All passwords should be updated Immediately change the VPN, WiFi, and device passwords. If you can, turn on two-factor authentication. Look for strange activity in network traffic.
