Ubiquiti Unifi Breach Worse than Annouced

in STEMGeekslast month


image.png


This morning I woke up and came in to work to find a message posted on one of the email listservs (yes, those still exist) that I subscribe to.

They referenced this article that talks about the Ubiquiti data breach that was announced on January 11th 2021.

Apparently, there is a whistleblower in the company who is indicting that the company massively downplayed the breach and it was much worse than the public and end users were led to believe.

Big surprise the third party that was involved in the breach (ie where the sensitive information was stored) was Amazon Web Services. As more and more businesses move to the cloud to shrug off the burden of bare metal, it puts an increasing target on AWS.

What is interesting is the press release from Ubiquiti seemed to point the finger at AWS as the target. The whistleblower has a very different story to tell.

The who, what, where, and why is very interesting. I encourage you to read through the whole article if that kind of thing tickles your fancy.

The TL;DR is that the hackers gained access through an old LastPass account and got access to some root credentials. This in turn allowed them access to the database to get login info for countless UniFi devices across the globe.

I picked up a Ubiquiti UniFi Dream Machine for my house just about six months ago now. Personally, I make sure SSH access is off unless I am doing troubleshooting on the device. There is still the App and Web interface that can access the device. I agree with the whistleblower that Ubiquiti should have immediately reset all user accounts and forced credential refreshes after they learned about the breach.

These devices have some pretty in depth analytics and it is scary to think what kind of information hackers could have pulled by accessing them.


Sports Talk Social - @bozz.sports


TEAMUSAhive_footer_bozz.jpg


@eos.detroit Staff Writer/BOID Team Leader

Join our Discord here

Posted with STEMGeeks

Sort:  

Ouch ouch ouch! Any idea if it is more than log in credentials? Which should have been encrypted and hashed to buy time for a reset....

I am not sure. Yes, they definitely should have done something!

Nuking the credentials and forcing a reset is the least they could do. Annoying for users, but better than the alternative!

For sure!

There are definitely quite a bit of data breaches happening often. There was Solar Winds, PHP and now this. Security will definitely need to be a focus for any tech related project/company.

Yeah, lots of them lately. Verkada had a pretty big one not to long ago too.