Router manufacturer Keenetic Limited has warned users of the Keenetic mobile app who registered before March 16, 2023, about a database hack that could allow third parties to gain access to their personal information.
Image source: Keenetic
On March 15, 2023, Keenetic received a report from an independent IT security researcher about the possibility of unauthorized access to the Keenetic mobile application database, after which the problem was fixed the same day. The IT security researcher assured the company that he did not share the data about the hack with anyone and destroyed it. And until the end of February 2025, there was no indication that the database was compromised or any user suffered from a data leak.
However, on February 28, 2025, the company learned that some information from the database had been disclosed to an independent media outlet. Therefore, Keenetic cannot guarantee that the data was properly destroyed and that some information was not leaked to third parties. However, based on the nature of the data that could potentially be disclosed, the company assesses the risk of fraudulent activity as low.
According to Keenetic, hackers were able to gain access to data such as email addresses (logins) and user account names, VPN client logins and passwords, as well as various information about device and software settings that do not pose a threat to user privacy.
Keenetic emphasized that it does not collect, store or analyze payment card data or related credentials, transaction data, bank details or bank passwords. Accordingly, attackers could not have accessed them as a result of the hack.
However, the company recommended that users of the Keenetic mobile application from the risk group change their account passwords, Wi-Fi passwords, VPN clients/pre-shared keys for: PPTP/L2TP, L2TP/IPSec, IPSec Site-to-Site, SSTP.
Keenetic also expressed confidence that the unauthorized access occurred without any fraudulent or malicious intent, and that information about the database is not publicly available.