Breach, Cloud Security, Cloud Security, Data Security

Data compromised in Ubiquiti breach, source claims

A source claiming to be an employee of Internet-of-Things company Ubiquiti revealed to KrebsOnSecurity that a January breach indeed led to a compromise of user data.

The source claimed to have been part of Ubiquiti's response team,  described the breach as "catastrophic" and said it was achieved through administrator access to the company's servers on Amazon's Web Services, which allowed the actors to access all of the data stored there and compromise all of the company's key administrator passwords.

Ubiquiti's notice to customers on Jan. 11 described the breach as involving a third-party cloud provider and claimed the company saw no evidence of a breach in user data. In a recent update, Ubiquiti revealed the attacker unsuccessfully attempted to ransom IT credentials and source code but did not claim to possess user information, strengthening the company's belief that no user data was compromised. However, the whistleblower noted that Ubiquiti did not practice access logging on its databases, so there was no way to prove or disprove what the attackers accessed.

Jill Aitoro

Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.