Ubiquiti Networks Security Breach was catastrophic, whistleblower says
An Anonymous Source Is Saying the January Security Incident Was Severely Downplayed, and Could be Described as “Catastrophic.”
On the 11th of January, the networking equipment and Internet of Things (IoT) devices provider started to send out emails to customers informing them of a recent security breach, and asking them to change their passwords and to enable two-factor authentication (2FA).
The company declared that someone obtained “unauthorized access” to their systems hosted by a “third-party cloud provider,” where information was stored for the ui.com web portal, a customer-facing device management service.
The vendor said that the breach included names, email addresses, and also that salted/hashed password credentials may have been compromised, alongside home addresses and phone numbers if customers input this data within the ui.com portal, without disclosing how many customers were affected by this breach.
A few months later, a source who claims to have participated in the response to the security breach declared for security expert Brian Krebs that the incident was worse than it seemed and even described it as “catastrophic”, saying that the third-party cloud provider explanation was a “fabrication” and the data breach was “massively downplayed”.
“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers. The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”
According to this source, the cybercriminals gained administrative access to AWS Ubiquiti databases through credentials stored and stolen from an employee’s LastPass account, in this way obtain root admin access to AWS accounts, S3 buckets, application logs, secrets for SSO cookies, and all databases, including those containing user credentials.
Heimdal® Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
The cyber attackers contacted Ubiquiti and attempted to extort 50 Bitcoin (BTC) in return for silence, but the vendor did not engage with them.