Ubiquiti tells customers to change passwords after security breach

Image: Ubiquiti Networks

ZDNet Recommends

Everyone needs a password manager. It's the only way to maintain unique, hard-to-guess credentials for every secure site you and your team access daily.

READ ALSO:

Cyber security issues in 2018: three most prominent data breaches

Read More

The servers stored information pertaining to user profiles for account.ui.com, a web portal that Ubiquiti makes available to customers who bought one of its products.

The site is used to manage devices from a remote location and as a help and support portal.

According to Ubiquiti, the intruder accessed servers that stored data on UI.com users, such as names, email addresses, and salted and hashed passwords.

READ ALSO:

Security and privacy key to smart buildings and cities

At the core of the security problem is the fact that many of the systems that smart building and cities will need to rely on will be linked to a wide variety of internet of things-connected (IoT) devices and sensors that are potentially vulnerable to cyber attacks.

Home addresses and phone numbers may have also been exposed, but only if users decided to configure this information into the portal.

How many Ubiquiti users are impacted and how the data breach occurred remains a mystery.

It is currently unclear if the "unauthorized access" took place when a security researcher found the exposed data or was due to a malicious threat actor.

A Ubiquiti spokesperson did not immediately return a request for comment send before this article's publication.

Despite the bad news to its customers, Ubiquiti said that it had not seen any unauthorized access to customer accounts as a result of this incident.

READ ALSO:

A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?

As the researchers note, anyone who had found this database could use those admin passwords to take over a high-level BioStar 2 account with all user permissions and full clearances, and make changes to the security settings in an entire network.

The company is now asking all users who receive the email to change their account passwords and turn on two-factor authentication.

While initially, some users looked at the emails as a phishing attempt, a Ubiquiti tech support staffer confirmed that they were authentic on the company's forums.

A full copy of the email is available below, as on social media.

Image: Dangal Son

Security

• Capitol attack's cybersecurity fallout: Stolen laptops, lost data and possible espionage
• Cyber security 101: Protect your privacy from hackers, spies, and the government
• The biggest hacks, data breaches of 2020
• The best VPNs for business and home use
• The best security keys for two-factor authentication
• How ransomware could get even more disruptive in 2021 (ZDNet YouTube)
• How to improve the security of your public cloud (TechRepublic)

READ ALSO:

WeWork Breach of Confidential Business Information Serves as a Good Reminder About the Holes in Public WiFi Security

Given that most of WeWork’s tenants do not have permanent office space in the building, the company primarily sells itself on amenities like its WiFi. WeWork offers enhanced security options such as a private VLAN, but they come with substantial added setup and ongoing monthly fees.