If your Internet connection is going through a router from ASUS, your router—and all your information passing through it—may have been viewable by anyone in the world.
ASUSTeK Computer, Inc. agreed to settle charges with the U.S. Federal Trade Commission (FTC) on Feb. 23 that its routers were insecure, and the personal data of thousands of people using its products had their personal information exposed online.
The Taiwan-based computer hardware maker will have to “establish and maintain a comprehensive security program” that will be subject to independent audits for the next 20 years, according to an FTC press release.
“Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, in the release.
The controversy started in February 2014, when thousands of people who own ASUS routers found an odd document saved to their devices.
It turned out the document was from a hacker, and it told them he hacked their devices through a vulnerability in their ASUS routers, according to Ars Technica.
“Your Asus router (and your documents) can be accessed by anyone in the world with an internet connection,” the letter stated, in part. It then gave them a link for further information, and gave them a brief fix.
ASUS patched the vulnerability soon after, but the controversy with the devices is still far from over.
The FTC settlement with ASUS includes a long list of security requirements the company will need to meet and maintain—and the whole incident won’t come to a full close for the next 20 years.