Whistleblower Accuses Ubiquiti of Data Breach Cover-Up

Ubiquiti, a company whose prosumer routers have become synonymous with security and manageability, is accused of covering up a serious security flaw. After 24 hours of silence, the company released a statement that does not contradict the whistleblower’s claims.

A company whistleblower claimed that the company itself had been breached and that the legal team was preventing efforts to accurately disclose the risks of the breach to customers.

Hackers had full access to the company’s AWS servers, and they could have accessed any Ubiquiti network devices that customers had set up to control through Ubiquiti’s cloud service. The hackers also obtained cryptographic secrets for single sign-on cookies and remote access, gained complete source code control, and exfiltrated signature keys.

The whistleblower also stated that the company does not keep logs that show who did or did not access the hacked servers. The company’s statement confirmed that the hackers were trying to extort money, but did not address the cover-up allegations.

Ubiquiti’s failure to deny the allegations leaves its customers with an insufficient warning. It encouraged users to change their passwords and enable two-factor authentication, but did not lock all accounts and require password resets, which would have been a more appropriate response.

For more information, read The Verge’s original story.
