Hackers may have accessed personal data in Ubiquiti Networks breach

The security incident with a third-party cloud provider has forced the firm to ask users to reset passwords

Ubiquiti Networks has informed customers that they must reset their passwords after detecting unauthorised access to certain corporate systems hosted by a third-party cloud provider.

Customers are being asked to change their passwords as a precautionary measure since the firm cannot rule out whether or not personal data was exposed, although no evidence of this has been found so far. 

Ubiquiti Networks manufactures networking equipment and IoT devices, including smart doorbells, Wi-Fi equipment and home surveillance hardware. Customers who purchase one of these produces can access forums or support materials by registering to the UI.com website, which also lets them manage devices remotely.

The data in question that may have been compromised includes a users' name, email address, and hashed and salted passwords, as well as postal address and phone number if these were provided. 

“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed,” the company said in a statement on its forums. “We apologise for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.”

Although personal information may have been compromised in the suspected attack, its exact nature, the identity of the third-party cloud provider, or any of the timelines involved, haven’t yet been disclosed. There’s also no official confirmation on whether Ubiquiti Networks has contacted law enforcement or data protection authorities, or whether this is the responsibility of the cloud provider that sustained the breach.

It’s not uncommon for an organisation’s customers to be hit by a security incident affecting a third-party cloud provider, and was even the cause behind one of last year’s most significant cyber security horror stories

More than 120 organisations were affected, including UK universities, the Labour Party, Bletchley Park and a donkey sanctuary, after the cloud service provider Blackbaud suffered a ransomware attack. Not only did Blackbaud only inform its customers several months after detecting the attack, but it also revealed it had agreed to pay the ransom.

IT Pro has attempted to contact Ubiquiti Networks but the firm hadn’t responded at the time of publication.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021