Ubiquiti accused of hiding a leak
It should be noted that Ubiquiti is an organization that has always been considered for having safe devices. Whenever we have equipment connected to the network, we must take into account the importance of keeping them correctly updated, safe and with everything necessary to avoid problems.
Now the company has been accused of hiding a major security breach. The company itself has issued a statement where they do not deny that this has happened. This leak took place in January. The company indicates that there was unauthorized access to some of its technology systems that are hosted by an external provider in the cloud.
More specifically, from Ubiquiti they indicated that they could not rule out that they had obtained information related to customers, email addresses, personal data, passwords … Of course, they assure that there is no evidence that this has happened.
An important recommendation given from Ubiquiti is change passwords and enable two-step authentication. This is something that we have always recommended to carry out on a regular basis. It is important to change the access codes to avoid being victims of possible security leaks and failures that may exist. In addition, two-step authentication is an extra security barrier.
Larger security breach than anticipated
On January 11 from Ubiquiti they sent a e-mail to users stating that there had been a security breach that they rated as minor. This occurred, they indicated, at a third-party cloud provider. However, the cybersecurity website KrebsOnSecurity indicated that this security breach was much more serious than previously thought.
It should be noted that Ubiquiti has promoted the use of the cloud by users. This means that many customers use this option, which has now suffered a security breach. As indicated from KrebsOnSecurity, hackers would have had access to Amazon’s cloud service.
All this has been able to give cybercriminals access to the login cookies and control data. A problem that could seriously affect the security and privacy of users who use a vulnerable device of this brand.
From RedesZone, as we always say, we recommend updating the devices as soon as possible. Not only must it be done when a vulnerability of this type arises, but whenever a new version is available. In this way we will maintain security in the best conditions and avoid problems that may also affect performance. This is something that we must apply to any device and operating system that we use.