Ubiquiti 'Catastrophic' Data Breach

Published Mar 31, 2021 17:49 PM

Ubiquiti has become a major networking supplier, growing strongly in 2020, but the company has now suffered a breach that cybersecurity researcher Krebs has called 'catastrophic'.

Inside this report, we examine:

  • Details of the breach
  • Whistleblower claims
  • Potential for impact in surveillance
  • Comparison to Verkada hack
  • Ubiquiti lack of response
  • Effect on user confidence
  • Impact on Ubiquiti stock price

The **** ******

** ******* ****, ****,******** ******** ***** ** * **** breach, **** ************ ****** ** **** of ***** ******* ****** ** * "third-party ***** ********" (****** **** *** not **** *** ********). ******** **** this **** "*** *******" *****, ***** addresses, *** ****** *** ****** *********, but **** **** ***** *** ** indication ** ************ ******** ********* *** user ********.

**** ******* *********** **** ***** ****** passwords *** ****** ***-****** **************, *** did *** ***** ******** ******.

Whistleblower ****** "************"

*******,** * ***** **** ****, ******** ********** ***** ***** **** that * ************* *** ****** ******** respond ** *** ****** ********* ** as *** **** ****** **** ********'* email ******* *********, ******* ** "************."

“** *** **************** ***** **** ********, and ***** ******** *** ********* ******* to ********** ******* *********,” [*** *************] wrote ** * ****** ** *** European **** ********** **********. “*** ****** was *******, ******** **** *** ** risk, ****** ** *********’ ******* ******** in ************ *** ***** ****** *** world *** ** ****.”

*** ************* ******* ****** **** ******** legal ******* ******* ** ****** ***** of *** **** **** ** *** breach *** ***** ******** ******.

Ubiquiti *** ******* ********

*******, *** ************* ****** **** *** unnamed "*****-***** ***** ********" ********* *** simply ********'* ******* ** ****** *** Services, ***** **** ******* *** ******* by ******** **********, *** ******. ** further **** **** ********* ****** **** administrator ****** **:

"*** ******** *** ********, ********* *** S3 **** *******, *** *********** ****, all *********, *** **** ******** ***********, and ******* ******** ** ***** ****** sign-on (***) *******."

**** ***** ********'* ***** ** "** are *** ********* ***** ** ******** of ****** ** *** ********* **** host **** ****" **** ********. *** whistleblower **** **** **** ******** *** not **** ****** **** ** *********, so ** ** ******** ******** ***** not **** ***** ** **** **** was ******** ** ***.

*******, ********* **** ***** *** ********* to *** ****** *** ******** ** bitcoin (~$*.* ******* ***) ** ******** them *** ****** ***** ***** ***** hack, ****** ******** ******* *** ******* these ********* ******* ******** **** *******.

Potentially ***** ******

** *** *************'* ******** ** **** attackers ******** *** ****, ** ** possible **** *****' ******* *** **** been ********, ****** ** **** ***** no ******** ** ************ ****** ***** the ******. ***** ********'* ******** ** video *** ****** ******* *** *****, their ******** **** ********** ******* ** ***** ************ (*** our *******).

**** ***** **** ***** *** ****** of ********* ******** ******* ***** ** unlocking ***** ** *******, *** ******* impact ** ************ ******** ** *********** large. **** *** ***** ******* ***** are *******/**-** ****, **** ****** ***** disable *********, ******/*** ******** ******* ***********, or ****** *** ****** ** ***** security ******.

** ******** ********* *** ***** ** these ******* ***** ****** **** *** unauthorized ****** ***, ** **** **** not *******, ****** ********* *** ****** two-factor **************.

Compared ** ******* ****

**** ********** **** ****, ********* ** *** ******** ****** gained ****** ** ******** ******* *** administrator ***********, ** **** **** *** credentials ****** ** * *********** ******** account.

****** *** ******* ****, **** *** not * ********* ***** ***** ******* simple *******/************* ****** ** ******** *******. Only **** ********* **** **********. ********* still ***** **** ****** ** ******* passwords *** ************ ****** ******* ********.

No ******** *** **** ******** (** ***** ****)

******** *** *** ********* ** ***** on *** *************'* ***********. ***** **** they **** *** ********* ** ******** requests *** *******, *** **** **** responded ** ****** ********* ** *** story, **************.

************, ******** *** *** ********* *** ***** *********** *****' ****** (*** ** ***** main ***** ** ************* **** *****). That ****** *** ******* **** *** comments ** ** *** **** ** writing **** ** ********.

Update: ******** ******** ********* (** ***** ****)

******** *** *** ******** ********* ** Krebs ** ***** **** ******* *** has******** * ********* ** *** ******.

******** ** ******** ** ***** ******** analysis ** *** ******* **** ***** that ******** **** *** *** ********:

...****** **** **** ******* *** ******* with ******* ** *** ******** ** customer **** *** *** ******** ** our ******** ***** *** ************ ** January **.

**** **** *** *** ******** ********* to ****** **** ***** ****** ** releasing ****** **** *** **** ******** IT *********** *** ***** ******* ** have ******** ******** ****. **** **** go ** ** *** **** *** working **** *** *********** *** ****** comment *******.

*******, ******* ******* *** ** ********* ******** ** ********'* *********, *** whistleblower ****** **** ******** *** *** logging ******** ******, ** **** ****** know *** **** **** **** ********* have/do *** ****.

Users ****** **********?

**** **** ** ****** ** ******* shake **** ********** ** ********. ** early *****,******** ******** ****** ******** ***** *********** made **** *****' ******* ************, **** *********** *** ******** ** issues ** **** ******* (********** ** * **-**** ***** ******). ******** **** *** **** ***** to ******* ***** ******** *** ****** operation ********** **** ******** **** ***** ***** line, ******* **** ***** ** ******** whether ** ******* ******** *** ********** ***.

*****' ****** ** ****** ** ******* increase **** *********.

Stock ***** ******** / ********* ********** *****

********'* ***** *** ****** **** **** 10% ***** *** ***** ****** *** the ***** ** ***** ******* ****** what ** *** **** * ****** ago:

************, ******** *****-****** ******** (*,*) **** **** ***** ******* ******** for ********* ********** *****. ***** ***** allege **** ******** ********** ************* ********** the ******** ** *** ****** ** order ** ***** ****** ** ***** stock *****.

Editor's ****:

** ****** **, ****, ***** ********* ********* ******* ** *** ****, titled "***** ******** ** ********":

**** ****, * ****** * ****** of ******** ***** * ********* “******” at ********. ** **** ****** *** that ********* *** *** ****** *** has ***** **** ******** ** ******* prosecutors *** *** ******* ********** – which ******** ********* ***** *********** ** the *****.

** * ****** ** *** *** information **** *** **** ******** ** me, * ** ****** **** ***** in *** ******** ** ** ****** or *** *********** ** ******** ** me. * ****** ******** ** ****** that ** ******** *** ******** ******* and *******.

**** ****, * ****** *** **** and, ** * ******, * ***** like ** ****** ** ********* ********* to ********, *** * **** ******* to ****** ***** ******** **** ** website.

Comments (32)
Undisclosed End User #1
Mar 31, 2021

**** **** ** ****** ** ******* shake **** ********** ** ********. ** early *****,******** ******** ****** ******** ***** *********** made **** *****' ******* ************, **** *********** *** ******** ** issues ** **** ******* (********** ** * **-**** ***** ******). ******** **** *** **** ***** to ******* ***** ******** *** ****** operation ********** **** ******** **** ***** ***** line, ******* **** ***** ** ******** whether ** ******* ******** *** ********** ***.

**** ***** *********, *** ********, *** the **** ******* ** **** ***** combined ** ****. **'* * ******* in ** **** ********* ****** ** operation. ***** ** * *****, ******* as ********** ********, ****'** **** ********* in ** **********. **** ** *** member **** ********* **** *********. * trust *****, *** ** **** ***** his ****** ** **** ** ******* on **** *** *** *********. ********** to *** ***** **** ****, ** anywhere ** ***.

Ethan Ace
Mar 31, 2021

** **** ** ******** *** ******** to *** ** **** ** ********. It's ****** *** ***** ** ****. There's **** ** ******* ** *** stock ** ***** ** ******** ** fall. ** ****** **** **.**% ** the ***, *** **** ***** **** where ** *** **** ** *********. It's **** ******** ****** ***** *** most ** *** ***.

**'** ****** **/**** ******** ******** ** the ***** ******. ***** ***** *** waiting, ** **** — ***** ******** to **** ** ******* ***** **** on ***** ****** **** ** ********.

Ethan Ace
Mar 31, 2021

***** **** **** *** ********, *'** asked **** ******** ***** ** **** were ***** ** *** ****** *** saw *** ******* **** *****, ** addition ** **** **** ********* **** Ubiquiti ********. **** *** ****** *** of ** *** *** ***** ***** to *****. *** **** ** ** found ** ** *** ****. ** we *** *** **********, *** *** sure ** ** *** (** *** use *****), **'* ******* *** **** users ******** *** *** ******** ******.

** **** ** *** ***** ****** else ** ******* ***** **, *'* also ** ******* ** ****.

Brian Karas
Mar 31, 2021
Pelican Zero

* ***'* ****** ********* ** ***** from ********. * *** **** ***** this ******* ***** ****** ******* ** the ****, *** ******* **** ****.

Undisclosed Integrator #3
Mar 31, 2021

* *** ******* ** *****.

Undisclosed Integrator #4
Mar 31, 2021

***** ***** ***** ** ** *** last *** ****. **** **** ******* email (****) *** ***** ** ** inbox. * **** **** **** *** read ** ** **** ** *** emails * *** **** **** *** marketing. ******* * **** * ****** password *** **** ******* *** ******* but * **** **** *** **** to **. *'** **** ****** **** LastPass ** ****-****** ********* *********...***** *'** be ********** **** *******.

Undisclosed Integrator #9
Apr 03, 2021

** ****'* *** ***** **** ********? LastPass ******** *** *** *** *** set *** ******* ** ****** **** closing *** *******. *** ***** **** password ******** ** ****** ***** **** logged ** ** *****. ** **** users * *** *** ****** ****** for ***** ******** *******. **** *** are ** * ********'* ******** *** they ****** *** ********, * ********* suggest ** ** **** ****** ****** as **'* ******** ** *****. **** choose *********** **** ********. * *** LastPass *** **** *** * *****, but ** ** *****, ** *****'* remain ****** **.

Undisclosed Integrator #9
Apr 04, 2021

****** *** *** ****. * **** every ******** *** *** ** ***** is *** *** **** **** **** someone ***** **** ****** ****** ** the ******** *******. * ****** **** LastPass *** ****** *** ** * recall *********, ** **** *** ******** due ** *** ****** ********** ** place. * ***** * ** ******* for ** **** * ***** ****. She **** ****** *** ****** ******** and *** ** ***** *** *******. However, *** ***** **** *** **** and ***** ** *** *******.

* ******* ******* ** ***** **** which *****'* **** ** ****** ***** accessed ******** **** **** *****.

** ** ******** ***'* *** ***** for ********, ***** *** ******** ******** must ** ** *****. ** ******* could **** ****** ** *** ****** password **** ****** ***********, **** *******'* have *** ****** *** ** *** industry ** **** ******* ***** **** are ****** ** ** *** ******* should **** **** *********** *** **** how ** ** ***** **** **.

** **** ****'* **** *** ******* or *** * .*** ****** ****** of *** ******** *********, ****'* ** them, *** ********. ******** ***** ******* 2FA, *** *** *** **** ** going ** ****** ** *********** ** be *** *** ** ***********.

* **** **** *** ** ********* for **** ******** * ***'* ****** care ***** (**** *** ****) *** need ** ******. * ******* *** password ** ******* ** ** ******* issue. ** **'* *** *********, ** can't ******** **. ** **'* *** complex, ** **** ** ***** ** down ** ***** ** *********. ******** managers **** ***** ******* ** ***'* remember * ********* ******* ******** *** every ****** ******* *** ********* **** so **** ******** ** **** ***** of.

**** ** *** ***** **** *******; many ***** ***'* **** ****** ********* or *** ** ***** ***** ******** and **** ***'* ******* **** *** email ******* *** ** * *** to **** ********, ********** ** *** isn't ******* ** * *** ** accounts. ** **** **** ***** *** too **** ** ******* *** ******* it's ** ***** **** *** **** users *** ********* *** **** *** convenience.

Andrew Myers
Apr 05, 2021

**********. ** *** ****** ******** ******* gets ******, ****'* ******** *** ** LastPass. *****'* *** **** ******** *** do ** *** ** ***** ***** does ********* ****. **'* ** ** Ubiquiti ** ***** ***** ****** ****** and *** *** ***** ******** ** place.

* **** ****** ***'* **** *** wrong ******* **** ****. ** **** Hunt *** **** ****** *** *****,******** ******** ***'* **** ** ** perfect, **** ****** **** *** ***** one. (******** *** *** ****************, ******)

**** ***** ***'* **** ****** ********* or *** ** ***** ***** ******** and **** ***'* ******* **** *** email ******* *** ** * *** to **** ********, ********** ** *** isn't ******* ** * *** ** accounts.

****** **

Undisclosed Manufacturer #2
Mar 31, 2021

***** ** ***** **?

Ethan Ace
Mar 31, 2021

********** **********, *** ***** ****, **.

Undisclosed Integrator #5
Apr 01, 2021

** **** ***** *** ********* *** enable *** *** *** **** *****.

**** ** ******** ****** *******. **********, only * ** * ******** **** affected ****.

Ethan Ace
Apr 01, 2021

Update: ******** ******** *********

******** *** *** ******** ********* ** Krebs ** ***** **** ******* *** has******** * ********* ** *** ******.

******** ** ******** ** ***** ******** analysis ** *** ******* **** ***** that ******** **** *** *** ********:

...****** **** **** ******* *** ******* with ******* ** *** ******** ** customer **** *** *** ******** ** our ******** ***** *** ************ ** January **.

**** **** *** *** ******** ********* to ****** **** ***** ****** ** releasing ****** **** *** **** ******** IT *********** *** ***** ******* ** have ******** ******** ****. **** **** go ** ** *** **** *** working **** *** *********** *** ****** comment *******.

*******, ******* ******* *** ** ********* ******** ** ********'* *********, *** whistleblower ****** **** ******** *** *** logging ******** ******, ** **** ****** know *** **** **** **** ********* have/do *** ****.

Ethan Ace
Apr 01, 2021

********'* ****** *** ********* ****** **** discussions ** **** *****, *** * lot ** ******* **********:

Undisclosed Integrator #6
Apr 01, 2021

** **** **** ***** ***** ******** for ***** *** *** **** ****** been ***** **** *** *******. ** terms ** ** *********** ********** *** majority ** ******* ** *** ** conjunction **** ***-******** ******** ******** **** not ******* *** **** ** ***** access (*******, **'*, ***...) *** **** again ***** ** *** **** ***** that ** ****** ** "******" ** manage ******** ** *** ************ ****** safeguards *** **** **** ************ *** your ******* *** *******. ********* ******** will ** * ****** **** *********** moving ******* ***** ***** ** **** using ***** ******* ***** **** ** support ** *** ******* ***** **** issue **** **** ** ******** ***** other ******* **** ****** ** ***'* use ***** ***** *** ******** *** utilize *** *** *** ***********.

Undisclosed #7
Apr 01, 2021

* *** ******** ** ****. * searched ** ***** ******* *** *** account ** **** **** ******** *** I **** *** ******** *** ************ about ****.

Christopher Halvorson
Apr 01, 2021
@securitybaer • IPVMU Certified

*** ************* ** **** ***** ***'* automatically ** *******, ** **** ** reported **** ** ***'* *** **** did *******; *'* *** *** *** epic **** ********* ** ****** ******* meets **. *****... *** **** **. They *** **** ****** ***** ************, and *'* *** ********* *** ************* with *** ********, * **** ***** that **** ***** ** *** *** this ***** ***** ****,

* ** **** ***** ********** ******, this ***** *** **** ***** **** a ***** ***** *** ** ****** several **** ** ***** ***** ** Ubiquiti. * **** ** **** ******* blower *** ***, **'* ******* ****** now.

Andrew Myers
Apr 01, 2021

* ** **** ***** ********** ******, this ***** *** **** ***** **** a ***** ***** *** ** ****** several **** ** ***** ***** ** Ubiquiti. * **** ** **** ******* blower *** ***, **'* ******* ****** now.

***, ****'* ********, *** ***'** ********** that *** ************* ********* * ******* crime.******* ******* - *********

* *******'* ************ *********** ... ********* as ******** ** ***** *** ******* has * ***** ** ********* ***. The *********** **************** ** **** *********** in ********* ** * ********* **** ... *********** ***** **** ** ************ *** ********** ************* ** ***'* own *** ** *** ***** ** goods ********* ** ***'* **** ** another.

Christopher Halvorson
Apr 01, 2021
@securitybaer • IPVMU Certified

***. *** * **.

Andrew Myers
Mar 30, 2022

***, * **** ***** ** **** story ***** *****.

***** **** *** **** ******* ***** about *** ************* *** ***** ** trustworthy. ** ********, ****** ******* *** ***************** ***** *** **** ** *** first ***** *** ****** ** ****** Ubiquiti *******. ***** ******** ****'* *** up, ** ***** *** ***** ** Krebs. ***** ****** * ****** ** here:******** ********* ******* **** *********, ******* 2020 “******” – ***** ** ********

***, ** ***** ************ ** ***** ***** *** **** of *** ****** ** ****. * *** **** *** ********* was ****** ******** ** *** ****, but *'* *** **** **** **** much ** ***** **.

Ethan Ace
Apr 01, 2021

* ***'* ************* ***** **************, *** Brian ***** *** **** ****** *** a **** **** *** ***** ***** things *********. ** ** ****** ******** that ** ***** ******* ** ***** claims ******* ********* ******* *** ************* first. **'* ******** **'* *** ******, but * ***'* ***** **'* ******.

Christopher Halvorson
Apr 01, 2021
@securitybaer • IPVMU Certified

* *****. * ***'* ***** ****** it ***** ******** ** ********** ***** if *** ******* ****** ****'* ******* the *****. *** ** * ***** Krebs ****** ******** ** ********** *** whistle ******....

**** ** *** ******* ***.. ** hold * **** ***** ** ** comments. * ***** **** **** ** the **** ******* **** ** **** be *********** ** *** * **** investigation.

John Honovich
Apr 01, 2021
IPVM

*** ***** ** *** ** **** this ** ****** ***** ** ****** a **** *************, ** ***** ****:

“** *** **************** ***** **** ********, and ***** ******** *** ********* ******* to ********** ******* *********,” **** ***** in * ****** ** *** ******** Data ********** **********.

******* ** *** ******** **** ********** Supervisor ***, ** ******, ** **** cases, ********** **** **** ****** ******* an *************. **** ** *** ******* I ** ******* ** *** ******.

Undisclosed Integrator #8
Apr 02, 2021

** **** ***** ** ***-******* *** started ******** **** ********* ***** ********** efforts *** ********** ********. **'** **** selling *** ********** ******** ***** '**. Even **** *** ******* ******** *** feature ************* ****** *** *****-****** **** always **** *** ******. ** *** many ** *** ********* **** ***** all **** ******* ***** ***** ***** services *** ***** ********** *** **** before ********* **** **** ***** ******. We **** ******** ******** ***** ********, so **** ** **** ***'* ***** their ***** ********** ******** ** ***** last *****(******** **** ******** ** *****).

Undisclosed Integrator #9
Apr 03, 2021

*** ***** ** **** ***** ***** controller ***** *****'* ******* *** ******* using * ***** *******. * ***'* want ** *** * ***** *******. I **** ***, *** **'* *** connected ** *** **********. *** **** find **** ***** ***** ********** ***, especially ***** **** ****** *********** ** into ****.

* ***** ******** ** ****** ******* shit ** ***** ** ************* ******. They **** *** ****** **** **** want ** ** *** ***** *** then **** ** **** ****** *** excuse ** *** ****** * ***** team ** * ***** ***** *** they **** ****** *** ** * result. * **** **** **** ******** way *** **** ******** *** ******* (especially ** ****** *****) *** **** have ** ***** *********. *** *** pissed * *** ** ****** *** when ** ****'* ******* ***** ***********. They ***** *** ********* ** *** forum *** ******** ****** ** ** support. *** **** ******** * **** as ** *** ****.

*'* *** **** **** ********* **** realize **** ***** ** ***** **** without ****** ********-******* *************. ********'* ********'* aren't ********* *** ***** ** *** typical ********* ******** ********* ***'* **** as **** **** **** ******* **** base ** ***** *********** *** ****** make **** ******** ** *****.

* ***** *** ***** ********, *** I'm ****** ********* ***** ***** ********* and *** ****** **** *****'* ******* much *************.

Pavel Grozdov
Apr 04, 2021

*'** ***** **** **** ** * fan. * **** ***** *** ********* and **** ****** ******* *** ******** build ******* ** **** *** *********** of ***** ******** ***** ** **** or ***** **** ***** ***********.

Hauke Kerl
Apr 07, 2021

*************, **** **** *****:Never ***** *** ******** *** * ********... *** **** ** ***** *** ****...Damn shame, highly innovative and top products. But security is often sloppy (at many companies). If all this is true, it is close to "intent".

Undisclosed Integrator #9
Apr 07, 2021

* *****'* **** **** *** * firewall ****** ** * *** *********** applications * **** *** ***. ***** firewalls ****'* **** ***** *** ****'* very ******** ** ***** ** *** Unifi ****. * **** *** ******* firewalls **** ********'*.

*******, *** ******** ***** **** ****** then ** **** *** *** * firewall. ** *** *** *** ******* from **** *** ***** ** **** major **********, **** ***** *********** *** in *** ******* ******* * ****** of ******* **** *** ********* ** a ***** ******.

**** ***** ****** ** ** ******* to ******* ********* ** ***** *** cloud **** ********.

Ethan Ace
Apr 08, 2021

***** ***+ ******** *** ** *****, Ubiquiti **** ****** ************ ****** ********** *** ***** *******.

* ****'* *** *** ******** ** the ******, *** * *****'* **** up **** ** ***** *** *******. I'm *** **** **** *** ********** were, *** *** ****** ** ******* that ****** ****'* *****.

Tay Joo Tang
Apr 09, 2021

** * **** ****, ** ***** that ******** *** **** *********** *** days **** *** ** ************ ***.

******* ** ****** ** *** **** on *** **** ** ****...

Undisclosed #10
Apr 21, 2021
