Well-known network supplier hit by a “disastrous” incident, according to a whistleblower
Network equipment supplier Ubiquiti is apparently being blackmailed and is accused by a whistleblower of covering up a potentially major data breach. These are the most important questions and answers.
How bad was the incident about which US manufacturer Ubiquiti notified customers via email on January 11, 2021? The Verge summarized the latest alarming findings Thursday night. Ubiquiti is accused by a whistleblower of covering up a “catastrophic” security breach, and after 24 hours of silence the company released a statement that does not discuss any of the whistleblower’s allegations.
Why is this important?
The Verge states that Ubiquiti has an excellent reputation. Its routers and other network devices, which are also sold in Switzerland, belong to the prosumer class. The company name has become synonymous with high security standards and user-friendly management.
Initially, Ubiquiti had notified its customers on January 11 that there was a minor vulnerability at a “third-party cloud provider”, but on March 30, the famous cybersecurity website KrebsOnSecurity reported that the vulnerability was actually much worse than Ubiquiti wanted to admit.
A company whistleblower who spoke to Brian Krebs claims that Ubiquiti itself was hacked and that the company’s legal department was blocking efforts to fully inform customers about the dangers.
How can this be?
According to The Verge, it’s worth reading the report from the acclaimed IT security expert Krebs to see the full claims. According to that report, the hackers had full access to the company’s AWS servers. This is because Ubiquiti supposedly left a root admin login in a LastPass account.
Attackers could use the password manager to access all Ubiquiti network devices that customers have set up to control via the company’s cloud service. And this online service is apparently required for some new Ubiquiti hardware.
What does Ubiquiti say?
When Ubiquiti finally made a statement this week, it wasn’t exactly reassuring, says The Verge – “totally inadequate”.
The company reiterated its view that there is no evidence that user data was accessed or stolen.
As Krebs points out, the whistleblower clearly stated that the company did not keep any records of who accessed the hacked server and who did not. Ergo: it couldn’t have any proof.
Ubiquiti’s statement also confirms that the hacker tried to extort money from the company, but did not address allegations of cover-up.
Below, we reproduce the original Ubiquiti statement issued by the US company after Krebs’s disclosure report:
Source: community.ui.com
Watson has asked Ubiquiti to comment on the allegations made by The Verge. A response is pending.
What can Ubiquiti customers do?
The company has already asked buyers or users of Ubiquiti hardware to change the password for online access. They also need to enable two-factor authentication to prevent unauthorized third parties from gaining access.
Beyond that, customers can only wait and see whether any more information about the incident leaks out. If attackers resell customer data or post it online, this is likely to become known sooner or later.