Whistleblower Accuses Ubiquiti of Data Breach Cover-Up


Ubiquiti, a company with prosumer routers that have become synonymous with security and manageability, is now accused of covering up a serious security flaw. After 24 hours of silence, the company has now released a statement that does not contradict the whistleblower’s claims.

A company whistleblower claimed that the company itself had been breached and that the legal team was preventing efforts to accurately disclose the risks of the breach to customers.

Hackers had full access to the company’s AWS servers, and they could have accessed any Ubiquiti network devices that customers had set up to control through Ubiquiti’s cloud service. Hackers were also able to obtain cryptographic secrets for single sign-on cookies and remote access, gain complete control of source code, and exfiltrate signing keys.

The whistleblower also stated that the company does not keep logs showing who did or did not access the hacked servers. The company’s statement confirmed that the hackers were trying to extort money, but did not address the cover-up allegations.

Ubiquiti’s statement does not deny the allegations, yet it gives customers an insufficient warning. The company encouraged users to change their passwords and enable two-factor authentication, but it did not lock all accounts and require password resets, which would have been a more appropriate response.

For more information, read The Verge’s original story.
