In February 2014, a security vulnerability in the AiCloud functions on a number of Asus routers was compromised to distribute a text file warning of a vulnerability, disclosed in June 2013, allowing the ability to "traverse to any external storage plugged in through the USB ports on the back of the router" via the open internet. Before making the vulnerability public, the researcher was told by Asus that the behaviour was "not an issue", but the vulnerability was reportedly patched shortly prior to the breach.  The IP addresses of 12,937 routers, and 3,131 AiCloud accounts were also leaked by the hackers.  The U. S. Federal Trade Commission issued a complaint over the breach for the company's "failure to employ reasonable security practices has subjected consumers to substantial injury", alleging that Asus had also failed to perform basic penetration tests, allowed users to maintain a default admin password for the AiDisk feature, and failed to notify users of security updates in a timely fashion. As a result, it was also deemed that Asus had misled consumers over the security and protection that its routers provided. In February 2016, Asus settled the complaint, agreeing to implement a "comprehensive security program", including independent audits every two years for the next 20 years.