Ubiquiti tells customers to change passwords after security breach

Ubiquiti NetworksImage: Ubiquiti Networks
Networking equipment and IoT device vendor Ubiquiti Networks has sent out today notification emails to its customers informing them of a recent security breach.

ZDNet Recommends

Best password managers for business in 2020: 1Password, Keeper, LastPass, and more

Best password managers for business in 2020: 1Password, Keeper, LastPass, and more

Everyone needs a password manager. It's the only way to maintain unique, hard-to-guess credentials for every secure site you and your team access daily.

Read More

"We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider," Ubiquiti said in emails today.

The servers stored information pertaining to user profiles for account.ui.com, a web portal that Ubiquiti makes available to customers who bought one of its products.

The site is used to manage devices from a remote location and as a help and support portal.

According to Ubiquiti, the intruder accessed servers that stored data on UI.com users, such as names, email addresses, and salted and hashed passwords.

Home addresses and phone numbers may have also been exposed, but only if users decided to configure this information into the portal.

How many Ubiquiti users are impacted and how the data breach occurred remains a mystery.

It is currently unclear if the "unauthorized access" took place when a security researcher found the exposed data or was due to a malicious threat actor.

A Ubiquiti spokesperson did not immediately return a request for comment send before this article's publication.

Despite the bad news to its customers, Ubiquiti said that it had not seen any unauthorized access to customer accounts as a result of this incident.

The company is now asking all users who receive the email to change their account passwords and turn on two-factor authentication.

While initially, some users looked at the emails as a phishing attempt, a Ubiquiti tech support staffer confirmed that they were authentic on the company's forums.

A full copy of the email is available below, as on social media.

ubiquiti-breach-notice.pngImage: Dangal Son

Security

Similar Articles:

GoDaddy Confirms Data Breach: What 19 Million Customers Need To Know

GoDaddy Confirms Data Breach: What 19 Million Customers Need To Know

Following security breach, report says Twitter contractors have been caught spying on accounts in the past

Following security breach, report says Twitter contractors have been caught spying on accounts in the past

Bye-bye passwords on Android: Now, use fingerprint to log in to apps, websites

Bye-bye passwords on Android: Now, use fingerprint to log in to apps, websites

Wyze allegedly suffers data breach, logs out all users as a safe measure [Updated]

Wyze allegedly suffers data breach, logs out all users as a safe measure [Updated]