More than 1 million households, primarily in Russia, had their credentials, logs, network configurations, and other sensitive details leaked following the compromise of network equipment vendor Keenetic's Mobile App database, Cybernews reports.
Aside from leaking more than 1.03 million records with comprehensive user data and 929,501 records with device information, the database also exposed 558,371 device configuration records and service logs with more than 53.8 million records, according to Cybernews researchers.
"This incident highlights the importance of secure development and hosting practices within supply chains," said researchers. "All vendors, including Keenetic, and their development partners, need to implement stringent data protection protocols, as this leak painfully demonstrates."
The researchers also emphasized the potential exploitation of exposed admin credentials to escalate privileges and facilitate malicious firmware deployment. However, Keenetic, which confirmed addressing the unsecured database two years ago, shared the low odds of any malicious activity stemming from the exposure.
