Ubiquiti 'Catastrophic' Data Breach

By Ethan Ace, Published Mar 31, 2021, 01:49pm EDT

Ubiquiti has grown into a major networking supplier, expanding strongly in 2020, but the company has now suffered a breach that security journalist Brian Krebs (KrebsOnSecurity) has called 'catastrophic'.

IPVM Image

Inside this report, we examine:

  • Details of the breach
  • Whistleblower claims
  • Potential for impact in surveillance
  • Comparison to Verkada hack
  • Ubiquiti lack of response
  • Effect on user confidence
  • Impact on Ubiquiti stock price

The **** ******

** ******* ****, ****,******** ******** ***** ** a **** ******, **** ************ ****** of **** ** ***** systems ****** ** * "third-party ***** ********" (****** they *** *** **** the ********). ******** **** this **** "*** *******" names, ***** *********, *** hashed *** ****** *********, but **** **** ***** was ** ********** ** unauthorized ******** ********* *** user ********.

**** ******* *********** **** users ****** ********* *** enable ***-****** **************, *** did *** ***** ******** resets.

Whistleblower ****** "************"

*******,** * ***** **** post, ******** ********** ***** Krebs **** **** * whistleblower *** ****** ******** respond ** *** ****** describes ** ** *** more ****** **** ********'* email ******* *********, ******* it "************."

“** *** **************** ***** than ********, *** ***** silenced *** ********* ******* to ********** ******* *********,” [the *************] ***** ** a ****** ** *** European **** ********** **********. “The ****** *** *******, customer **** *** ** risk, ****** ** *********’ devices ******** ** ************ and ***** ****** *** world *** ** ****.”

*** ************* ******* ****** that ******** ***** ******* efforts ** ****** ***** of *** **** **** of *** ****** *** force ******** ******.

Ubiquiti *** ******* ********

*******, *** ************* ****** that *** ******* "*****-***** cloud ********" ********* *** simply ********'* ******* ** Amazon *** ********, ***** were ******* *** ******* by ******** **********, *** Amazon. ** ******* **** that ********* ****** **** administrator ****** **:

"*** ******** *** ********, including *** ** **** buckets, *** *********** ****, all *********, *** **** database ***********, *** ******* required ** ***** ****** sign-on (***) *******."

**** ***** ********'* ***** of "** *** *** currently ***** ** ******** of ****** ** *** databases **** **** **** data" **** ********. *** whistleblower **** **** **** Ubiquiti *** *** **** access **** ** *********, so ** ** ******** Ubiquiti ***** *** **** known ** **** **** was ******** ** ***.

*******, ********* **** ***** two ********* ** *** system *** ******** ** bitcoin (~$*.* ******* ***) to ******** **** *** remain ***** ***** ***** hack, ****** ******** ******* and ******* ***** ********* without ******** **** *******.

Potentially ***** ******

** *** *************'* ******** of **** ********* ******** are ****, ** ** possible **** *****' ******* may **** **** ********, though ** **** ***** no ******** ** ************ access ***** *** ******. While ********'* ******** ** video *** ****** ******* are *****, ***** ******** have ********** ******* ** ***** surveillance (*** *** *******).

**** ***** **** ***** the ****** ** ********* remotely ******* ***** ** unlocking ***** ** *******, the ******* ****** ** surveillance ******** ** *********** large. **** *** ***** systems ***** *** *******/**-** only, **** ****** ***** disable *********, ******/*** ******** network ***********, ** ****** any ****** ** ***** security ******.

** ******** ********* *** users ** ***** ******* check ****** **** *** unauthorized ****** ***, ** they **** *** *******, change ********* *** ****** two-factor **************.

Compared ** ******* ****

**** ********** **** ****, ********* ** *** Ubiquiti ****** ****** ****** to ******** ******* *** administrator ***********, ** **** case *** *********** ****** in * *********** ******** account.

****** *** ******* ****, this *** *** * superuser ***** ***** ******* simple *******/************* ****** ** customer *******. **** **** databases **** **********. ********* still ***** **** ****** to ******* ********* *** individually ****** ******* ********.

No ******** *** **** ******** (** ***** ****)

******** *** *** ********* to ***** ** *** whistleblower's ***********. ***** **** they **** *** ********* to ******** ******** *** comment, *** **** **** responded ** ****** ********* on *** *****, **************.

************, ******** *** *** responded *** ***** *********** *****' ****** (*** of ***** **** ***** of ************* **** *****). That ****** *** ******* over *** ******** ** of *** **** ** writing **** ** ********.

Update: ******** ******** ********* (** ***** ****)

******** *** *** ******** responded ** ***** ** other **** ******* *** has******** * ********* ** the ******.

******** ** ******** ** their ******** ******** ** the ******* **** ***** that ******** **** *** not ********:

...****** **** **** ******* has ******* **** ******* to *** ******** ** customer **** *** *** security ** *** ******** since *** ************ ** January **.

**** **** *** *** attacker ********* ** ****** them ***** ****** ** releasing ****** **** *** some ******** ** *********** but ***** ******* ** have ******** ******** ****. They **** ** ** to *** **** *** working **** *** *********** and ****** ******* *******.

*******, ******* ******* *** ** Twitter** ******** ** ********'* statement, *** ************* ****** that ******** *** *** logging ******** ******, ** they ****** **** *** sure **** **** ********* have/do *** ****.

IPVM Image

Users ****** **********?

**** **** ** ****** to ******* ***** **** confidence ** ********. ** early *****,******** ******** ****** ******** which *********** **** **** users' ******* ************, **** *********** *** severity ** ****** ** that ******* (********** ** * **-**** forum ******). ******** **** *** made ***** ** ******* cloud ******** *** ****** operation ********** **** ******** **** their ***** ****, ******* **** ***** to ******** ******* ** is***** ******** *** ********** use.

*****' ****** ** ****** to ******* ******** **** sentiment.

Stock ***** ******** / ********* ********** *****

********'* ***** *** ****** more **** **% ***** the ***** ****** *** the ***** ** ***** roughly ****** **** ** was **** * ****** ago:

IPVM Image

************, ******** *****-****** ******** (*,*) **** **** ***** against ******** *** ********* securities *****. ***** ***** allege **** ******** ********** intentionally ********** *** ******** of *** ****** ** order ** ***** ****** to ***** ***** *****.


Comments (31)

**** **** ** ****** to ******* ***** **** confidence ** ********. ** early *****,******** ******** ****** ******** which *********** **** **** users' ******* ************, **** *********** *** severity ** ****** ** that ******* (********** ** * **-**** forum ******). ******** **** *** made ***** ** ******* cloud ******** *** ****** operation ********** **** ******** **** their ***** ****, ******* **** ***** to ******** ******* ** is***** ******** *** ********** use.

**** ***** *********, *** lawsuits, *** *** **** subject ** **** ***** combined ** ****. **'* a ******* ** ** many ********* ****** ** operation. ***** ** * shame, ******* ** ********** products, ****'** **** ********* in ** **********. **** on *** ****** **** mentioned **** *********. * trust *****, *** ** must ***** *** ****** to **** ** ******* on **** *** *** mentioned. ********** ** *** where **** ****, ** anywhere ** ***.

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

** **** ** ******** the ******** ** *** if **** ** ********. It's ****** *** ***** to ****. *****'* **** no ******* ** *** stock ** ***** ** continue ** ****. ** closed **** **.**% ** the ***, *** **** lower **** ***** ** was **** ** *********. It's **** ******** ****** there *** **** ** the ***.

**'** ****** **/**** ******** responds ** *** ***** report. ***** ***** *** waiting, ** **** — users ******** ** **** in ******* ***** **** on ***** ****** **** no ********.

Agree
Disagree
Informative: 3
Unhelpful
Funny

***** **** **** *** released, *'** ***** **** Ubiquiti ***** ** **** were ***** ** *** breach *** *** *** January **** *****, ** addition ** **** **** employees **** ******** ********. Only *** ****** *** of ** *** *** email ***** ** *****. The **** ** ** found ** ** *** spam. ** ** *** any **********, *** *** sure ** ** *** (we *** *** *****), it's ******* *** **** users ******** *** *** original ******.

** **** ** *** first ****** **** ** hearing ***** **, *'* also ** ******* ** hear.

Agree: 2
Disagree
Informative: 4
Unhelpful
Funny

* ***'* ****** ********* an ***** **** ********. I *** **** ***** this ******* ***** ****** sources ** *** ****, but ******* **** ****.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

* *** ******* ** email.

Agree: 2
Disagree
Informative
Unhelpful
Funny

***** ***** ***** ** in *** **** *** days. **** **** ******* email (****) *** ***** it ** *****. * must **** **** *** read ** ** **** of *** ****** * get **** **** *** marketing. ******* * **** a ****** ******** *** that ******* *** ******* but * **** **** was **** ** **. I've **** ****** **** LastPass ** ****-****** ********* gradually...guess *'** ** ********** that *******.

Agree
Disagree
Informative
Unhelpful
Funny

** ****'* *** ***** with ********? ******** ******** 2FA *** *** *** set *** ******* ** logout **** ******* *** browser. *** ***** **** password ******** ** ****** leave **** ****** ** to *****. ** **** users * *** *** Google ****** *** ***** password *******. **** *** are ** * ********'* computer *** **** ****** the ********, * ********* suggest ** ** **** Google ****** ** **'* probably ** *****. **** choose *********** **** ********. I *** ******** *** have *** * *****, but ** ** *****, it *****'* ****** ****** in.

Agree
Disagree
Informative: 2
Unhelpful
Funny

****** *** *** ****. I **** ***** ******** and *** ** ***** is *** *** **** ways **** ******* ***** have ****** ****** ** the ******** *******. * recall **** ******** *** hacked *** ** * recall *********, ** **** was ******** *** ** the ****** ********** ** place. * ***** * LP ******* *** ** wife * ***** ****. She **** ****** *** master ******** *** *** to ***** *** *******. However, *** ***** **** was **** *** ***** in *** *******.

* ******* ******* ** local **** ***** *****'* help ** ****** ***** accessed ******** **** **** phone.

** ** ******** ***'* the ***** *** ********, their *** ******** ******** must ** ** *****. If ******* ***** **** access ** *** ****** password **** ****** ***********, they *******'* **** *** future *** ** *** industry ** **** ******* users **** *** ****** up ** *** ******* should **** **** *********** and **** *** ** be ***** **** **.

** **** ****'* **** 2FA ******* ** *** a .*** ****** ****** of *** ******** *********, that's ** ****, *** LastPass. ******** ***** ******* 2FA, *** *** *** user ** ***** ** either ** *********** ** be *** *** ** convenience.

* **** **** *** on ********* *** **** accounts * ***'* ****** care ***** (**** *** risk) *** **** ** access. * ******* *** password ** ******* ** an ******* *****. ** it's *** *********, ** can't ******** **. ** it's *** *******, ** need ** ***** ** down ** ***** ** somewhere. ******** ******** **** exist ******* ** ***'* remember * ********* ******* password *** ***** ****** account *** ********* **** so **** ******** ** keep ***** **.

**** ** *** ***** were *******; **** ***** don't **** ****** ********* or *** ** ***** email ******** *** **** don't ******* **** *** email ******* *** ** a *** ** **** accounts, ********** ** *** isn't ******* ** * lot ** ********. ** took **** ***** *** too **** ** ******* 2FA ******* **'* ** extra **** *** **** users *** ********* *** want *** ***********.

Agree: 1
Disagree
Informative
Unhelpful
Funny

**********. ** *** ****** LastPass ******* **** ******, that's ******** *** ** LastPass. *****'* *** **** LastPass *** ** ** one ** ***** ***** does ********* ****. **'* up ** ******** ** train ***** ****** ****** and *** *** ***** policies ** *****.

* **** ****** ***'* take *** ***** ******* from ****. ** **** Hunt *** **** ****** for *****,******** ******** ***'* **** to ** *******, **** better **** *** ***** one. (******** *** *** a***************, ******)

**** ***** ***'* **** secure ********* ** *** on ***** ***** ******** and **** ***'* ******* that *** ***** ******* can ** * *** to **** ********, ********** if *** ***'* ******* on * *** ** accounts.

****** **

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

***** ** ***** **?

Agree
Disagree
Informative
Unhelpful
Funny

********** **********, *** ***** ****, **.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

** **** ***** *** passwords *** ****** *** for *** **** *****.

**** ** ******** ****** choices. **********, **** * or * ******** **** affected ****.

Agree
Disagree
Informative: 1
Unhelpful
Funny


********'* ****** *** ********* filled **** *********** ** this *****, *** * lot ** ******* **********:

IPVM Image

Agree
Disagree
Informative
Unhelpful
Funny: 1

** **** **** ***** their ******** *** ***** now *** **** ****** been ***** **** *** product. ** ***** ** an *********** ********** *** majority ** ******* ** use ** *********** **** non-ubiquiti ******** ******** **** not ******* *** **** of ***** ****** (*******, AP's, ***...) *** **** again ***** ** *** main ***** **** ** making ** "******" ** manage ******** ** *** implementing ****** ********** *** have **** ************ *** your ******* *** *******. Hopefully ******** **** ** a ****** **** *********** moving ******* ***** ***** we **** ***** ***** product ***** **** ** support ** *** ******* about **** ***** **** have ** ******** ***** other ******* **** ****** we ***'* *** ***** cloud *** ******** *** utilize *** *** *** controllers.

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

* *** ******** ** home. * ******** ** email ******* *** *** account ** **** **** Ubiquiti *** * **** not ******** *** ************ about ****.

Agree
Disagree
Informative: 1
Unhelpful
Funny

*** ************* ** **** story ***'* ************* ** trusted, ** **** ** reported **** ** ***'* and **** *** *******; I'm *** *** *** epic **** ********* ** Edward ******* ***** **. Robot... *** **** **. They *** **** ****** until ************, *** *'* not ********* *** ************* with *** ********, * just ***** **** **** tells ** *** *** this ***** ***** ****,

* ** **** ***** personally ******, **** ***** was **** ***** **** a ***** ***** *** to ****** ******* **** on ***** ***** ** Ubiquiti. * **** ** that ******* ****** *** any, **'* ******* ****** now.

Agree: 3
Disagree
Informative
Unhelpful
Funny

* ** **** ***** personally ******, **** ***** was **** ***** **** a ***** ***** *** to ****** ******* **** on ***** ***** ** Ubiquiti. * **** ** that ******* ****** *** any, **'* ******* ****** now.

***, ****'* ********, *** you're ********** **** *** whistleblower ********* * ******* crime.******* ******* - *********

* *******'* ************ *********** ... ********* ** ******** to ***** *** ******* has * ***** ** exclusive ***. *** *********** misappropriation ** **** *********** in ********* ** * fiduciary **** ... *********** fraud **** ** ************ *** ********** ************* to ***'* *** *** of *** ***** ** goods ********* ** ***'* care ** *******.

Agree
Disagree
Informative
Unhelpful
Funny

***. *** * **.

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

* ***'* ************* ***** whistleblowers, *** ***** ***** has **** ****** *** a **** **** *** takes ***** ****** *********. It ** ****** ******** that ** ***** ******* on ***** ****** ******* seriously ******* *** ************* first. **'* ******** **'* all ******, *** * don't ***** **'* ******.

Agree: 1
Disagree
Informative
Unhelpful
Funny

* *****. * ***'* think ****** ** ***** validate ** ********** ***** if *** ******* ****** wasn't ******* *** *****. Nor ** * ***** Krebs ****** ******** ** invalidate *** ******* ******....

**** ** *** ******* too.. ** **** * dull ***** ** ** comments. * ***** **** John ** *** **** comment **** ** **** be *********** ** *** a **** *************.

Agree: 1
Disagree
Informative
Unhelpful
Funny

*** ***** ** *** is **** **** ** likely ***** ** ****** a **** *************, ** Krebs ****:

“** *** **************** ***** than ********, *** ***** silenced *** ********* ******* to ********** ******* *********,” Adam ***** ** * letter ** *** ******** Data ********** **********.

******* ** *** ******** Data ********** ********** ***, by ******, ** **** cases, ********** **** **** likely ******* ** *************. This ** *** ******* I ** ******* ** see ******.

Agree: 2
Disagree
Informative: 2
Unhelpful
Funny

** **** ***** ** mid-January *** ******* ******** with ********* ***** ********** efforts *** ********** ********. We've **** ******* *** supporting ******** ***** '**. Even **** *** ******* firmware *** ******* ************* issues *** *****-****** **** always **** *** ******. We *** **** ** our ********* **** ***** all **** ******* ***** their ***** ******** *** often ********** *** **** before ********* **** **** would ******. ** **** continue ******** ***** ********, so **** ** **** don't ***** ***** ***** management ******** ** ***** last *****(******** **** ******** to *****).

Agree
Disagree
Informative
Unhelpful
Funny

*** ***** ** **** their ***** ********** ***** doesn't ******* *** ******* using * ***** *******. I ***'* **** ** use * ***** *******. I **** ***, *** it's *** ********* ** the **********. *** **** find **** ***** ***** requesting ***, ********** ***** they ****** *********** ** into ****.

* ***** ******** ** really ******* **** ** terms ** ************* ******. They **** *** ****** what **** **** ** in *** ***** *** then **** ** **** behind *** ****** ** not ****** * ***** team ** * ***** staff *** **** **** prices *** ** * result. * **** **** have ******** *** *** many ******** *** ******* (especially ** ****** *****) and **** **** ** clear *********. *** *** pissed * *** ** people *** **** ** didn't ******* ***** ***********. They ***** *** ********* in *** ***** *** received ****** ** ** support. *** **** ******** a **** ** ** big ****.

*'* *** **** **** companies **** ******* **** trust ** ***** **** without ****** ********-******* *************. Ubiquiti's ********'* ****'* ********* end ***** ** *** typical ********* ******** ********* don't **** ** **** when **** ******* **** base ** ***** *********** and ****** **** **** Ubiquiti ** *****.

* ***** *** ***** products, *** *'* ****** skeptical ***** ***** ********* and *** ****** **** doesn't ******* **** *************.

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

*'** ***** **** **** of * ***. * like ***** *** ********* and **** ****** ******* the ******** ***** ******* is **** *** *********** of ***** ******** ***** as **** ** ***** than ***** ***********.

Agree
Disagree
Informative
Unhelpful
Funny

*************, **** **** *****:Never ***** *** ******** *** * ********... *** **** ** ***** *** ****...Damn shame, highly innovative and top products. But security is often sloppy (at many companies). If all this is true, it is close to "intent".

Agree
Disagree
Informative
Unhelpful
Funny

* *****'* **** **** for * ******** ****** in * *** *********** applications * **** *** USG. ***** ********* ****'* that ***** *** ****'* very ******** ** ***** of *** ***** ****. I **** *** ******* firewalls **** ********'*.

*******, *** ******** ***** goes ****** **** ** just *** *** * firewall. ** *** *** any ******* **** **** and ***** ** **** major **********, **** ***** potentially *** ** *** network ******* * ****** of ******* **** *** connected ** * ***** server.

**** ***** ****** ** be ******* ** ******* connected ** ***** *** cloud **** ********.

Agree
Disagree
Informative
Unhelpful
Funny

***** ***+ ******** *** 26 *****, ******** **** locked ************ ****** ********** *** Krebs *******.

IPVM Image

* ****'* *** *** warnings ** *** ******, but * *****'* **** up **** ** ***** the *******. *'* *** sure **** *** ********** were, *** *** ****** on ******* **** ****** aren't *****.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny: 2

** * **** ****, it ***** **** ******** was **** *********** *** days **** *** ** confirmation ***.

******* ** ****** ** and **** ** *** just ** ****...

Agree
Disagree
Informative
Unhelpful
Funny
