This morning I woke up and came in to work to find a message posted on one of the email listservs (yes, those still exist) that I subscribe to.
They referenced this article that talks about the Ubiquiti data breach that was announced on January 11th, 2021.
Apparently, there is a whistleblower in the company who is indicating that the company massively downplayed the breach and it was much worse than the public and end users were led to believe.
Big surprise: the third party that was involved in the breach (i.e., where the sensitive information was stored) was Amazon Web Services. As more and more businesses move to the cloud to shrug off the burden of bare metal, it puts an increasing target on AWS.
What is interesting is the press release from Ubiquiti seemed to point the finger at AWS as the target. The whistleblower has a very different story to tell.
The who, what, where, and why is very interesting. I encourage you to read through the whole article if that kind of thing tickles your fancy.
The TL;DR is that the hackers gained access through an old LastPass account and got access to some root credentials. This in turn allowed them access to the database to get login info for countless UniFi devices across the globe.
I picked up a Ubiquiti UniFi Dream Machine for my house just about six months ago now. Personally, I make sure SSH access is off unless I am doing troubleshooting on the device. There is still the App and Web interface that can access the device. I agree with the whistleblower that Ubiquiti should have immediately reset all user accounts and forced credential refreshes after they learned about the breach.
These devices have some pretty in-depth analytics, and it is scary to think what kind of information hackers could have pulled by accessing them.