Snippet: Ubiquiti Says Customer Data May Have Been Accessed in Data Breach

Shared on January 12, 2021

Zack Whittaker for TechCrunch:

Ubiquiti, one of the biggest sellers of networking gear, including routers, webcams and mesh networks, has alerted its customers to a data breach.

In a short email to customers on Monday, the tech company said it became aware of unauthorized access to its systems hosted by a third-party cloud provider. Ubiquiti didn’t name the cloud company, when the breach happened or what caused the security incident. A company spokesperson did not respond to requests for comment.

But the company confirmed that it “cannot be certain” that customer data had not been exposed.

These sorts of things come quickly, and details are scarce until companies understand the full extent of a breach. However, a number of things made it feel more like amateur hour, which can be a bit concerning. First, the notice, which had a few typos, was sent via a Mailchimp email (nothing wrong with them, just not the best venue) that was flagged as spam and phishing by some filters, and even the in-message links had trackers, typical for marketing emails. Next, there wasn’t an official notice on the web site or in the community forums. Finally, one wonders if the data could be used to remotely access anything.

Ubiquiti’s core products are networking, typically falling in the middle of the market—a bit more robust than what you’d get for your home, but less expensive than some of the enterprise gear. Because of this, there’s Ubiquiti stuff in a lot of geekier homes, as well as small businesses. It seems that the hardware itself and local accounts are fine, but one complaint that was news to me is that it seems their cloud accounts are becoming more and more mandatory. Users have reported that to set up new devices, you must set up a cloud account and link the device first—I can confirm that’s the case with the UniFi Protect security products and the Dream Machine. I think at this point, the best thing to do is change your passwords, add 2FA (although it doesn’t work in the store), and maybe de-link from the remote-access cloud account until we know more.
