Ubiquiti suffered a data breach, which it disclosed in January 2021. Recent information, however, claims that the data breach report was potentially a cover-up of a larger incident that put customer data and devices deployed on corporate and home networks at risk. Ubiquiti originally reported that an attacker had accessed some of its IT systems, which were hosted by a third-party cloud provider, and that there was no evidence of unauthorised activity. The company encouraged its customers to change their login passwords and enable two-factor authentication, as it could not guarantee that user details had not been exposed in the hack.
An anonymous source recently spoke to Brian Krebs about the Ubiquiti breach, stating that the attacker had access to more information than the company would admit. Allegedly, the hack was downplayed in an effort to protect the company’s stock price. The source claimed that Ubiquiti started an investigation into the hack in December 2020. This investigation revealed that the hackers had administrative-level permissions to the company’s databases hosted on AWS. This access would allow them root privileges over all Ubiquiti AWS accounts, all S3 data buckets, application logs, databases, user credentials, and the secrets needed to forge single sign-on cookies.