Data compromised in Ubiquiti breach, source claims | SC Media
Breach, Cloud security

Data compromised in Ubiquiti breach, source claims

April 4, 2021

A source claiming to be an employee of Internet-of-Things company Ubiquiti revealed to KrebsOnSecurity that a January breach indeed led to a compromise of user data.

The source claimed to have been part of Ubiquiti's response team,  described the breach as "catastrophic" and said it was achieved through administrator access to the company's servers on Amazon's Web Services, which allowed the actors to access all of the data stored there and compromise all of the company's key administrator passwords.

Ubiquiti's notice to customers on Jan. 11 described the breach as involving a third-party cloud provider and claimed the company saw no evidence of a breach in user data. In a recent update, Ubiquiti revealed the attacker unsuccessfully attempted to ransom IT credentials and source code but did not claim to possess user information, strengthening the company's belief that no user data was compromised. However, the whistleblower noted that Ubiquiti did not practice access logging on its databases, so there was no way to prove or disprove what the attackers accessed.

Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad