Whistleblower Accuses Ubiquiti of Data Breach Cover-Up

Ubiquiti, a company with prosumer routers that have become synonymous with security and manageability, is now accused of covering up a serious security flaw. After 24 hours of silence, the company has now released a statement that does not contradict the whistleblower’s claims.

A company whistleblower claimed that the company itself had been breached and that the legal team was preventing efforts to accurately disclose the risks of the breach to customers.

Hackers had full access to the company’s AWS servers, and they could have accessed any Ubiquiti network devices that customers had set up to control through Ubiquiti’s cloud service. The hackers were also able to obtain cryptographic secrets for single sign-on cookies and remote access, gain complete source code control, and exfiltrate signing keys.

The whistleblower also stated that the company does not keep logs that would show who did or did not access the hacked servers. The company’s statement confirmed that the hackers were trying to extort money, but did not address the cover-up allegations.

Ubiquiti’s statement does not deny the allegations, and it leaves customers with an insufficient warning. The company encouraged users to change their passwords and enable two-factor authentication, but did not lock all accounts and require password resets, which would have been a more appropriate response.

For more information, read The Verge’s original story.

