On the 11th of January, the networking equipment and Internet of Things (IoT) device provider started to send out emails to customers informing them of a recent security breach and asking them to change their passwords and enable two-factor authentication (2FA).

The company declared that someone obtained “unauthorized access” to their systems hosted by a “third-party cloud provider,” where information was stored for the ui.com web portal, a customer-facing device management service. 

The vendor said that the breach included names and email addresses, and that salted/hashed password credentials may have been compromised, alongside home addresses and phone numbers if customers had entered this data in the ui.com portal. It did not disclose how many customers were affected by the breach.

A few months later, a source who claims to have participated in the response to the security breach told security expert Brian Krebs that the incident was worse than it seemed and even described it as “catastrophic”, saying that the third-party cloud provider explanation was a “fabrication” and that the data breach was “massively downplayed”.

“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers. The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”

According to this source, the cybercriminals gained administrative access to Ubiquiti's AWS databases through credentials stored in, and stolen from, an employee’s LastPass account. In this way they obtained root admin access to AWS accounts, S3 buckets, application logs, secrets for SSO cookies, and all databases, including those containing user credentials.

The cyber attackers contacted Ubiquiti and attempted to extort 50 Bitcoin (BTC) in return for silence, but the vendor did not engage with them. 
