Ubiquiti comments on explosive data leak
Network equipment maker Ubiquiti hit the media – this time with no reviews. In January, the company announced that there had been a data breach, so an attacker could have gained access to information. Read in the January statement "not that wild". Allegedly, however, it should have been much worse, even catastrophic. The attackers would have got hold of the full source code of control content as well as information on security keys. The third party therefore also acquired root administrator rights for all Ubiquiti AWS accounts. They have now also commented on these allegations.
The new Echo Dot (4th generation) | Smart speaker with Alexa | White
View on Amazon
Fire TV Stick 4K Ultra HD with Alexa Voice Remote
View on Amazon
It should be pointed out that the analysis of customer data and the security of the products has not changed since the announcement of January 11th. In response to this incident, external incident response experts were hired to conduct a thorough investigation to ensure that the attacker was locked out of the systems.
These experts could not find any evidence that customer data was accessed or even attacked. The attacker, who unsuccessfully tried to blackmail the company by threatening to reveal stolen source code and certain IT credentials, never claimed to have accessed customer data. This and other evidence is why it is believed that customer data was not the target of the incident or was otherwise accessed in connection with the incident.
At this point in time, there is clear evidence that the perpetrator is a person who knows Ubiquiti's cloud infrastructure very well. Since one is cooperating with the law enforcement authorities in the course of the ongoing investigation, no further comment can be made.
As a precaution, we recommend changing the password – also on pages where you log in with identical data. We also recommend enabling two-factor authentication for Ubiquiti accounts, if you haven't already.
Amazon links are included in this article. Clicking on it will take you directly to the provider. Should you decide to buy there, we will receive a small commission. Nothing changes in the price for you.