Ubiquiti’s Security Breach and Its Response: What Makes This Different?

Sep 30, 2021

Security breaches happen. We hate to say it, but it’s true. Problems arise, however, when a company responds poorly to a security breach, causing more harm to its clients.

This is what happened with Ubiquiti. 

The Ubiquiti Breach

Ubiquiti’s products include WiFi routers, security cameras, and network video recorders. They are very popular with budget-conscious individuals and small businesses because they make it easy for users to build internal networks without spending thousands of dollars.

Recently, the company started pushing its users towards a unified authentication and access solution. To do so, customers would have to connect to Ubiquiti’s cloud infrastructure, which had the potential to introduce new security risks.

And that’s exactly what happened. On January 11, Ubiquiti sent out a notice to its customers that a two-month-long breach involving a third-party cloud provider might have exposed user account data and urged them to reset their passwords and enable multifactor authentication.

Ubiquiti also told customers they were “not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed.”

Ubiquiti’s Deception 

If the situation had been as Ubiquiti suggested, this might have ended as a “close call.” At the end of March 2021, however, a source who was involved in the security response told a different story.

The source said that all of the company’s key administrator passwords had been compromised as well, and the correct response would have been to invalidate all credentials.

One of the major issues here is that Ubiquiti never kept any logs of who was accessing its databases. This is a significant disregard for basic security measures. 

Based on the whistleblower’s account, the attacker(s) gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies. While there is still no evidence that the intruders accessed customer information, they had the ability to remotely authenticate to countless Ubiquiti cloud-based devices around the world. 

The Problem: Security Breach or Response?

In this situation, the issue isn’t that Ubiquiti had a breach. It is the company’s inadequate and deceptive response that warrants attention. No system is completely secure, but there are several ways that your business can minimize the risk of a breach and have a proper response plan in place to resolve any incidents with transparency.

If you have Ubiquiti products or were notified of this breach, let us know! We can help you find a solution that takes cybersecurity and breach response seriously! 

If you want to know more about what your business needs to protect itself from a breach and what kind of response plan you would need to avoid making Ubiquiti’s mistake, reach out to us here! Our goal is to ensure your business is protected AND set up for success.