A data breach that network router manufacturer Ubiquiti Networks reported to its customers earlier this year is far worse than the company initially declared, a whistleblower asserts.
On January 11, Ubiquiti, the No. 4 most used cybersecurity/firewall network system among the CE Pro 100 with 15% usage, alerted customers via an email of a breach to certain “information technology systems hosted by a third-party Cloud provider.” The company stated it was “not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed.”
Now a cybersecurity professional at Ubiquiti, who helped the company respond to the breach beginning in December, has anonymously claimed the public notice was intentionally misleading and fails to fully capture the severity of the attack.
The anonymous employee spoke to Krebs on Security after first reporting his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source spoke on condition of anonymity for fear of retribution by Ubiquiti, according to Krebs on Security.
Hackers Access Amazon Web Services, Demand Bitcoin Ransom
The source alleges that hackers obtained full read/write access to Ubiquiti’s databases at Amazon Web Services (AWS). After the company’s security team identified one backdoor the intruders were using, the hackers responded by demanding a ransom of 50 bitcoin ($2.8 million) or they would publicly disclose the breach. Ubiquiti, which also markets enterprise access control solutions and video surveillance hardware, did not respond.
What Happens When Crime Prevention Meets AI (And Why We Can’t Rely on AI Alone)
In an era where crime continues to evolve, relying solely on AI-based solutions proves insufficient in preventing sophisticated threats and false alarms. The webinar will emphasize the paramount importance of human judgment and intuition in tandem with AI technology to create a truly complete security solution. Our session will explore how Deep Sentinel’s revolutionary approach combines the best of both worlds—advanced artificial intelligence and the presence of highly trained human guards. Together, these elements create an unparalleled level of protection for residential and commercial properties alike. Join our panel of esteemed lighting experts that will dive into why it’s time for integrators to rethink their role in the outdoor lighting industry. Register Now!The hackers also provided proof they had pilfered Ubiquiti’s source code, and threatened to disclose the location of a second backdoor if their ransom demand was not met. The company elected not to engage the attackers, according to the source. The second backdoor was eventually detected and Ubiquiti began the process of securing employee credentials.
The company asked customers to change their passwords in the January 11 email. However, the whistleblower said Ubiquiti “should have immediately invalidated all of its customer’s credentials and forced a reset on all accounts, mainly because the intruders already had credentials needed to remotely access customer IoT systems.”
The whistleblower says the company’s claim that it had no proof of customer data exposure was highly misleading. Ubiquiti doesn’t keep data logs, so it could not know one way or the other what hackers had accessed.
Following the Krebs on Security report, Ubiquiti has released a second statement that didn’t deny the whistleblowers claims and appeared to backtrack on its initial blaming of a third party.
“At this point, we have well-developed evidence that the perpetrator is an individual with intricate knowledge of our cloud infrastructure,” the statement says. “As we are cooperating with law enforcement in an ongoing investigation, we cannot comment further.”
This article originally appeared on our sister publication Security Sales & Integration‘s website.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!