Keenetic Confirms Database Breach, User Data Compromised for Accounts Created Before March 16, 2023

The networking equipment manufacturer Keenetic Limited informed users of the Keenetic mobile app who registered accounts prior to March 16, 2023, about unauthorized access by hackers to its IT infrastructure, which resulted in a breach of their database. Consequently, third parties may have obtained access to customers’ personal information.

The incident related to information security in Keenetic’s IT infrastructure occurred on March 15, 2023. An independent IT security researcher alerted the company to the potential for unauthorized access to the database of the Keenetic mobile app. Keenetic’s specialists quickly secured the database to prevent further unauthorized access. The security researcher assured the company that they had not shared any breach information with others and had deleted any copies. Up until the end of February 2025, there were no indications that Keenetic’s database had been compromised or that any customers had suffered from a data leak.

On February 28, 2025, Keenetic discovered that some information from its database had been revealed to an independent media outlet. The company confirmed that certain user data had been accessed by external parties. However, considering the nature of the potentially exposed information, Keenetic assessed the risk of fraudulent activity as low while urging customers to take additional precautions.

Keenetic warned that hackers might have accessed email addresses (usernames) and account names. Additionally, compromised data included user VPN credentials and various details about device and software configurations, which do not pose a threat to user privacy.

Keenetic emphasized that it does not collect, store, or analyze credit card information or related credentials, transaction data, banking details, or customer banking passwords. Therefore, hackers could not gain access to such data during the breach.

The company strongly recommended that all users of the Keenetic mobile app change their account passwords, Wi-Fi passwords, and VPN client/pre-shared keys for PPTP/L2TP, L2TP/IPSec, IPSec Site-to-Site, and SSTP.

Keenetic asserts that unauthorized access to its customer database occurred without any fraudulent intent, and the information within this database remains confidential and is not publicly available.

As of March 1, 2025, the Keenetic mobile application and the Keenetic remote monitoring and management system (rmm.keenetic.com -> migration to rmm.netcraze.ru) stopped functioning in Russia due to changes in applicable legislation. «Please transition to the new Netcraze tools. If you have any questions, Keenetic’s support team is always ready to assist,» the company explained. Expert assessments indicated that the current cloud service of Keenetic operating in Russia, based on solutions from «Netcraze» (formerly LLC «Keenetic»), is now responding from Selectel addresses instead of Hetzner addresses.