Signup for news and special offers!
You have successfully joined our subscriber list.
Ubiquiti Inc., an American technology company that makes prosumer-grade networking equipment, disclosed on Jan 11th, 2021, that a breach involving a third-party cloud provider had possibly exposed customer account credentials.
The disclosure said that they currently are not aware of access to any databases that host user data, but they cannot be certain. Ubiquiti encouraged customers to change their passwords.
On March 30th, 2021 a source who participated in the response to that breach alleges Ubiquiti massively downplayed the incident. This source spoke with KrebsOnSecurity on the condition of anonymity. The source said that the two-month breach started in December 2020.
On March 31st, 2021 Ubiquiti posted an update on their user forum stating that their security experts identified no evidence that customer information was accessed, or even targeted.
December 2020 – Breach Happens
January 11, 2021 – Ubiquiti Notifies Customers
March 30, 2021 – Whistleblower reports Ubiquiti breach “Catastrophic”
March 31, 2021 – Ubiquiti post an update stating “no evidence that customer information was accessed, or even targeted.”
If you haven’t changed your password since the Jan 11th notice, do it now!
* For some UniFi devices like the Dream Machine or Dream Machine Pro, there is no way to disable Remote Access.
This is not the first time Ubiquiti was in the news, back in 2015 the company determined that it had been the victim of a $40 million wire transfer scam. Another reason we always need to keep vigilant on security.