
In response to recent media reports alleging that a threat actor known as “KaruHunters” gained unauthorized access to a NAS device and claimed to have stolen 1.7 TB of data for sale, QNAP immediately initiated its internal security investigation. Based on currently available information, QNAP provides the following preliminary statement.
1. Incident Overview
According to QNAP’s investigation, the affected device referenced in the public claim is a TS-228 running QTS 4.3.6. At this time, QNAP has not observed evidence of a widespread security incident affecting QTS 4.3.6.
QNAP PSIRT’s current assessment is that this incident is more likely associated with user-side security weaknesses—such as weak or reused passwords, improper network configuration, or direct exposure of services to the public Internet—which may have enabled unauthorized access to the device. In addition, the risk is significantly increased when recommended QNAP security protections are not enabled.
2. myQNAPcloud Service Security Status
Media reports also claim that “KaruHunters” obtained myQNAPcloud platform-level credentials or permissions. Based on our current investigation, the affected user did not enable myQNAPcloud secure access services.
At present, there is no evidence indicating that this incident is related to myQNAPcloud services. QNAP’s review has not identified any vulnerabilities or indicators of compromise within myQNAPcloud systems.
Based on the above, the incident is more likely attributable to device-side Internet exposure and security configuration issues, rather than a security vulnerability in the myQNAPcloud service platform.
3. Actions Taken by QNAP
QNAP maintains robust security response processes and is taking the following actions in accordance with established incident-handling procedures:
- Immediate analysis upon receiving any notification to assess impact scope and determine probable root cause.
- Customer outreach through available support channels to notify any potentially affected user, reinforce security best practices, and recommend necessary remediation steps to reduce risk.
4. Security Reminders for Users
QNAP reminds all users that proper security configuration is critical to protecting data and reducing risk. Recommended actions include, but are not limited to:
- Avoid exposing NAS devices directly to the public Internet.
- Enable firewall protections, use strong, unique passwords, and enable multi-factor authentication (MFA) where available.
- Regularly update the operating system and applications to apply the latest security patches.
- Enable external services only when necessary, and apply the principle of least privilege for access control.
- Maintain regular backups following best practices (e.g., 3-2-1) to ensure recoverability.

O-Sense




