Ubiquiti Discloses Major Data Breach, Urges Customers To Change Passwords Immediately

ubiquiti hero 2
It seems getting hacked has become a near-daily occurrence that people should expect will happen at some point. Yesterday, people reported that Ubiquiti, a major vendor of internet of things (IoT) devices such as routers, security cameras, access points, and more, suffered a breach through a third-party cloud provider. The New York City-based company has now urged customers to change their passwords and enable multi-factor authentication as account information and credentials could be at risk.

Both in an email and a forum post, Ubiquiti reported that they had “recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.” The company claims that there is “no indication” of unauthorized user-account activity. Still, they cannot be sure either, so customers are urged to change passwords and enable multi-factor authentication, which is good to use anyhow.
ubiquiti forum post
KrebsOnSecurity states that this warning from Ubiquiti “carries particular significance” as the company has made it challenging to work with its products without using cloud-based account authentication. Obviously, requiring users to use a cloud-based account for authentication with IoT devices does raise concerns as it can create an extra and unnecessary vector of attack. As always, going offline is the most secure way to do work.

Overall, this could be a relatively widespread problem, as Ubiquiti products are, for lack of a better word, ubiquitous. Millions of consumer and enterprise customers use Ubiquiti products on a day to day basis, so the breach could realistically be large. We will have to see if Ubiquiti provides any updates in the coming days, so stay tuned to HotHardware, and change your passwords, please.