Ubiquiti breach claimed to be 'catastrophically worse than reported'


Claims that company's legal team supposedly overruled attempts to “decisively protect customers”.


An anonymous security professional has, according to cyber security expert and investigative journalist Brian Krebs, claimed that the Ubiquiti Networks security breach that was announced in January was “catastrophically worse than reported”. 

The networking equipment and internet of things (IoT) device vendor said in January that it was aware of unauthorised access to its systems hosted by a third-party cloud provider and asked customers to change their passwords. 

It said at the time that names, email addresses, one-way encrypted passwords, addresses and phone numbers may have been exposed. 

However, Krebs has claimed that an unnamed security professional who assisted with the response to the breach alleged that the vendor's legal team “overruled efforts to decisively protect customers”. The source allegedly wrote this in a letter to the European Data Protection Supervisor.

“The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk,” the source wrote, according to Krebs.

Krebs said the unnamed security professional contacted KrebsOnSecurity, Krebs' website, claiming that hackers obtained full read/write access to Ubiquiti’s databases at Amazon Web Services (AWS) — allegedly the third-party cloud provider mentioned in the vendor’s January statement. 

Krebs claimed the source indicated the attackers had access to privileged credentials that were held in the LastPass account of a Ubiquiti IT employee, which allowed them to gain root administrator access to Ubiquiti AWS accounts, covering S3 data buckets, application logs, databases, user database credentials and secrets to forge single sign-on cookies.

However, the source supposedly maintained that instead of requesting users to change their own passwords, the vendor should have invalidated customer credentials and forced a reset of all accounts.

“Legal overrode the repeated requests to force rotation of all customer credentials, and to revert any device access permission changes within the relevant period,” the source said, according to Krebs.

Krebs claimed that this access “could have allowed the intruders to remotely authenticate to countless Ubiquiti cloud-based devices around the world”. Krebs said the source went on to say that Ubiquiti discovered a number of Linux virtual machines established by someone with administrative access in late December, which then led to the discovery of a backdoor.

When that backdoor was supposedly removed in early January, the intruders asked for a ransom of 50 bitcoin, or roughly US$2.8 million, to be silent about the breach, it was claimed. 

Additionally, the source alleged that the intruders would provide the location of a second backdoor if the ransom was paid. However, Ubiquiti supposedly found the second backdoor on its own, Krebs noted. The source also claimed that the vendor had “negligent logging”, and as such could not prove or disprove what was accessed.

Krebs recommended that users who haven’t changed passwords on Ubiquiti devices since the vendor’s announcement do so as soon as possible.

“It might also be a good idea to just delete any profiles you had on these devices, make sure they’re up to date on the latest firmware, and then re-create those profiles with new [and preferably unique] credentials. And seriously consider disabling any remote access on the devices,” he added. 

Since Krebs’ reporting of the alleged downplaying of the breach, various legal firms in the US are investigating the claims on behalf of shareholders. 

This includes the Schall Law Firm, which is investigating claims for “violations of ... securities laws”, while the Rosen Law Firm is preparing a class action investigation, seeking recovery of investor losses, according to statements from the two firms.

