IoT firm Ubiquiti hit by ‘catastrophic’ data breach
Intruders allegedly gained administrative access to Ubiquity’s servers
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Update: “In response to this incident, we leveraged external incident response experts to conduct a thorough investigation to ensure the attacker was locked out of our systems,” Ubiquiti has said in amessageto its community, adding that the experts found no evidence that would suggest that customer information was accessed. The company says it is working with law enforcement agencies and has “well-developed evidence” that the perpetrator was an individual with intricate knowledge of Ubiquiti’s cloud infrastructure.
An anonymous whisteblower has claimed thatInternet of Things (IoT)specialists Ubiquiti massively downplayed its recent system breach.
Ubiquity urged its customers to change theirpasswordsblaming in January 2021 after claiming an incident at a third-partycloud providermay have exposed authentication information.
However, this was apparently false information given out at the behest of the company’s legal department apparently to protect Ubiquity’s share price, theanonymousletter to the European Data Protection Supervisor claims.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
Click here to start the survey in a new window«
According to the letter, which the whistleblower shared with leading cybersecurity expert Brian Krebs, the breach potentially put all Ubiquiti devices at risk.
Downplaying the incident
The whistleblower shared that the attackers had gained administrative access to Ubiquiti’scloud serversatAmazon Web Service (AWS)and accessed all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forgesingle sign-on (SSO)cookies.
In the letter, the whistleblower alleges that Ubiquiti’s security noticed something was amiss in late December last year, and soon found a backdoor left by the intruders.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Removing the backdoor invited a ransom note from the intruder threatening to expose the breach along with details of another backdoor. Ubiquiti however didn’t engage with the intruders and found and closed the second backdoor.
“Ubiquiti had negligent logging (no access logging on databases) so it was unable to prove or disprove what they accessed, but the attacker targeted the credentials to the databases, and created Linux instances with networking connectivity to said databases,” wrote the whistleblower in the letter reiterating that it was the company’s legal department that overrode repeated requests to take stringent action.
Via:KrebsOnSecurity
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
