Ubiquiti Inc., an American technology company that makes prosumer-grade networking equipment, disclosed on Jan 11th, 2021, that a breach involving a third-party cloud provider had possibly exposed customer account credentials.
The disclosure said that the company was not currently aware of access to any databases that host user data, but that it could not be certain. Ubiquiti encouraged customers to change their passwords.
On March 30th, 2021, a source who participated in the response to that breach alleged that Ubiquiti had massively downplayed the incident. This source spoke with KrebsOnSecurity on the condition of anonymity. The source said that the two-month breach started in December 2020.
On March 31st, 2021, Ubiquiti posted an update on their user forum stating that their security experts identified no evidence that customer information was accessed, or even targeted.
December 2020 – Breach Happens
January 11, 2021 – Ubiquiti Notifies Customers
March 30, 2021 – Whistleblower reports Ubiquiti breach as “Catastrophic”
March 31, 2021 – Ubiquiti posts an update stating “no evidence that customer information was accessed, or even targeted.”
What To Do Now
If you haven’t changed your password since the Jan 11th notice, do it now!
How to change your Ubiquiti password
- Log in to https://account.ui.com/
- Click on Security, on the left pane.
- Click Change Password
- If you have Two-Factor Authentication enabled, disable it, then reenable it.
- If you don’t have Two-Factor Authentication enabled, please consider turning this on.
How to change your Ubiquiti controller password
- Log in to your controller
- Click on the Settings icon in the bottom left corner
- Then click on Admins from the left pane
- Click on Edit to change your password
- Click on Remote Access from the left pane *
- Turn off both Enable Remote Access & Enable Local Login with UBNT Account.
* For some UniFi devices like the Dream Machine or Dream Machine Pro, there is no way to disable Remote Access.
This is not the first time Ubiquiti has been in the news. Back in 2015, the company determined that it had been the victim of a $40 million wire transfer scam. It is another reason we always need to stay vigilant about security.