Nothing is as fun as a company that describes its own data breach as “catastrophic”. That’s a “c” word that you definitely don’t want to hear if you have an account with this company or use their products, and that is exactly what happened to Ubiquiti recently.
Before we get into that, here’s what you should do: Change your Ubiquiti passwords and enable two-factor authentication. If you don’t do anything else in response to this mess, do that.
In addition to changing your Ubiquiti password and setting up two-factor authentication, you should also take some more serious steps with your Ubiquiti network equipment. As security expert Brian Krebs explained:
“If you’ve installed Ubiquiti devices and haven’t changed the passwords on the devices since January 11th of this year, now is a good time to take care of it.
It can also be a good idea to just delete any profiles you had on these devices, make sure they are up to date with the latest firmware, and then recreate those profiles with new [and preferably unique] credentials. And think seriously about disabling remote access to the devices.”
The last bit is key, as the data breach, which an unnamed source at Ubiquiti described to Krebs as “catastrophic,” allegedly granted the attackers “root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials and secrets necessary to forge SSO (single sign-on) cookies.”
With this information, attackers could (theoretically) log into Ubiquiti devices remotely. I didn’t see any evidence that this actually happened, and Ubiquiti states that there is “no evidence that customer information was accessed or even targeted.” But as always in such cases, I would take these statements with a grain of salt.
The breach was severe enough that Ubiquiti sent an email to customers on Jan. 11 stating that they might want to change their passwords and enable 2FA as a precaution. If the breach was this severe, I’d join others in suggesting that Ubiquiti should possibly instead force a password reset for all accounts.
Unfortunately, it now comes down to which side you believe: the whistleblower who spoke to Krebs, claiming Ubiquiti has no idea whether consumer accounts have been accessed because no logging was set up to determine it, or Ubiquiti itself, which says that everything is fine.
While I doubt we’ll ever find out the full extent of the problem, I am on the side of the whistleblower who, if he wasn’t looking to profit from a short sale of Ubiquiti’s stock, would have no reason to lie about such a serious problem. In other words, I’d rather take the side of “prepare for the worst” than “do what is necessary and risk a nasty surprise.”
Going forward, make sure you use every possible mechanism to keep your network devices (and any connected accounts) as secure as possible. That means unique passwords for everything, two-factor authentication wherever you can set it up, turning off remote management if you never use it, and doing a thorough search for other security settings you might want to enable on your specific router / access point / gateway. (Everyone’s network equipment is different, so certain settings may be enabled by default that you want to explore with your own equipment.)
Also, put a filter or alert on your email that makes it very clear when the manufacturer of your network device sends you an email. I get a lot of emails and it is possible that I didn’t even notice Ubiquiti’s message when they sent it. Stay up to date as this is the best way to protect yourself and your home network from unwanted intruders.