Breach, Cloud Security, Cloud Security, Data Security

Data compromised in Ubiquiti breach, source claims

A source claiming to be an employee of Internet-of-Things company Ubiquiti revealed to KrebsOnSecurity that a January breach indeed led to a compromise of user data.

The source claimed to have been part of Ubiquiti's response team,  described the breach as "catastrophic" and said it was achieved through administrator access to the company's servers on Amazon's Web Services, which allowed the actors to access all of the data stored there and compromise all of the company's key administrator passwords.

Ubiquiti's notice to customers on Jan. 11 described the breach as involving a third-party cloud provider and claimed the company saw no evidence of a breach in user data. In a recent update, Ubiquiti revealed the attacker unsuccessfully attempted to ransom IT credentials and source code but did not claim to possess user information, strengthening the company's belief that no user data was compromised. However, the whistleblower noted that Ubiquiti did not practice access logging on its databases, so there was no way to prove or disprove what the attackers accessed.

Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.