--- snip ---
The attackers also provided proof they’d stolen Ubiquiti’s source code, and pledged to disclose the location of another backdoor if their ransom demand was met.
[...]
Ubiquiti should have immediately invalidated all of its customer’s credentials and forced a reset on all accounts, mainly because the intruders already had credentials needed to remotely access customer IoT systems.
--- snap ---
-- https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

| Whistleblower: Ubiquiti Breach “Catastrophic”
|
| On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet
| of Things (IoT) devices such as routers, network video recorders and
| security cameras — disclosed that a breach involving a third-party
| cloud provider had exposed customer account credentials. Now a source
| who participated in the response to that breach alleges Ubiquiti
| massively downplayed a “catastrophic” incident to minimize the hit
| to its stock price, and that the third-party cloud provider claim
| was a fabrication.

[...]

On Tue, 12 Jan 2021 11:23:33 +0100 Albert Rafetseder wrote:
> Dear all,
>
> if you have registered an account with Ubiquiti, please change your
> passwords. There may have been unauthorized access to the
> registration information.
>
> Link here, with a copy of the text below:
>
> https://community.ui.com/questions/Account-Notification/96467115-49b5-4dd6-9517-f8cdbf6906f3
>
> Thanks to David for forwarding this information in the Matrix chat!
>
> Best regards,
> Albert.
>
> ----8<----
>
> # Account Notification
>
> We recently became aware of unauthorized access to certain of our
> information technology systems hosted by a third party cloud provider.
> We have no indication that there has been unauthorized activity with
> respect to any user’s account.
>
> We are not currently aware of evidence of access to any databases that
> host user data, but we cannot be certain that user data has not been
> exposed. This data may include your name, email address, and the one-way
> encrypted password to your account (in technical terms, the passwords
> are hashed and salted). The data may also include your address and phone
> number if you have provided that to us.
>
> As a precaution, we encourage you to change your password. We recommend
> that you also change your password on any website where you use the same
> user ID or password. Finally, we recommend that you enable two-factor
> authentication on your Ubiquiti accounts if you have not already done so.
>
> We apologize for, and deeply regret, any inconvenience this may cause
> you. We take the security of your information very seriously and
> appreciate your continued trust.
>
> Thank you,
>
> Ubiquiti Team
>

--
Wien mailing list
Wien@lists.funkfeuer.at
https://lists.funkfeuer.at/mailman/listinfo/wien