We’ll hear more about this from Adam in a bit.Īccording to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach. ET: In a post to its user forum, Ubiquiti said its security experts identified “no evidence that customer information was accessed, or even targeted.” Ubiquiti can say this, says Adam, because it failed to keep records of which accounts were accessing that data. Ubiquiti has not responded to repeated requests for comment. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.” “It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. The source - we’ll call him Adam - spoke on condition of anonymity for fear of retribution by Ubiquiti.
Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.Ī security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities.
a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras - disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.
0 kommentar(er)
