A source claiming to be an employee of Internet-of-Things company Ubiquiti revealed to KrebsOnSecurity that a January breach indeed led to a compromise of user data.
The source claimed to have been part of Ubiquiti's response team, described the breach as "catastrophic" and said it was achieved through administrator access to the company's servers on Amazon Web Services, which allowed the attackers to access all of the data stored there and compromise all of the company's key administrator passwords.
Ubiquiti's notice to customers on Jan. 11 described the breach as involving a third-party cloud provider and claimed the company saw no evidence of a breach of user data. In a recent update, Ubiquiti revealed that the attacker unsuccessfully attempted to ransom IT credentials and source code but did not claim to possess user information, strengthening the company's belief that no user data was compromised. However, the whistleblower noted that Ubiquiti did not keep access logs on its databases, so there was no way to prove or disprove what the attackers accessed.