Article 5G17G Ubiquiti breach puts countless cloud-based devices at risk of takeover

Ubiquiti breach puts countless cloud-based devices at risk of takeover

by
Dan Goodin
from Ars Technica - All content on (#5G17G)
privacy-800x450.jpg

Enlarge (credit: Getty Images)

Network devices maker Ubiquiti has been covering up the severity of a data breach that puts customers' hardware at risk of unauthorized access, KrebsOnSecurity has reported, citing an unnamed whistleblower inside the company.

In January, the maker of routers, Internet-connected cameras, and other networked devices, disclosed what it said was unauthorized access to certain of our information technology systems hosted by a third-party cloud provider." The notice said that, while there was no evidence the intruders accessed user data, the company couldn't rule out the possibility that they obtained users' names, email addresses, cryptographically hashed passwords, addresses, and phone numbers. Ubiquiti recommended users change their passwords and enable two-factor authentication.

Device passwords stored in the cloud

Tuesday's report from KrebsOnSecurity cited a security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020. The individual said the breach was much worse than Ubiquiti let on and that executives were minimizing the severity to protect the company's stock price.

Read 7 remaining paragraphs | Comments

index?i=zt_7DlarsTw:Vw0Cai8t8so:V_sGLiPB index?i=zt_7DlarsTw:Vw0Cai8t8so:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments