Bad Ubiquiti! Bad Vendor!

Remember that Ubiquiti (UI) security breach a while back? Well, looks like it’s much (much) worse than they let on. Not only in the degree and scope of what was compromised, but also in how long it took them to notify customers, and in their response in general. The TL;DR is that they put everyone at massive risk because stock price…

“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”

Ubiquiti has not responded to repeated requests for comment.

According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach. Ubiquiti’s breach disclosure, he wrote, was “downplayed and purposefully written to imply that a 3rd party cloud vendor was at risk and that Ubiquiti was merely a casualty of that, instead of the target of the attack.”

Krebs