Ubiquiti: now joins the breach department through a cloud provider

This is still a developing story, and several podcasts will more than likely have this as I found another security podcast that might be of interest. Hearing things in a different light is definitely something I’m interested in, so we’ll see what has to be said about this story.

Brian Krebs wrote the article yesterday, and this is huge.

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control
systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider
may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

If you want to know how big they are, the last paragraph says:

According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in
over 200 countries and territories worldwide.

I believe Security Now has talked about this router and I wonder what Steve is going to say about this?

The company became aware that information stored by a third party provider was accessed but they did not say which provider they were using. Brian has steps in the article that cover what you need to do if you’re effected.

Ubiquiti: Change Your Password, Enable 2FA is the article, if you’re effected, read it and follow its instructions or call the company for help.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.