CEPro 100 | Networking | Security | Wireless
April 6, 2021

Whistleblower Claims Ubiquiti Significantly Downplayed Major Data Breach

The group of hackers accessed Ubiquiti's Amazon Web Services database and threatened to disclose the location of a backdoor if a ransom in Bitcoin was not provided.
Rodney Bosch  
An employee at Ubiquiti anonymously alleged that hackers obtained full read/write access to the company's databases at Amazon Web Services (AWS).

A data breach that network router manufacturer Ubiquiti Networks reported to its customers earlier this year is far worse than the company initially declared, a whistleblower asserts.

On January 11, Ubiquiti, the No. 4 most used cybersecurity/firewall network system among the CE Pro 100 with 15% usage, alerted customers via an email of a breach to certain “information technology systems hosted by a third-party Cloud provider.” The company stated it was “not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed.”

Now a cybersecurity professional at Ubiquiti, who helped the company respond to the breach beginning in December, has anonymously claimed the public notice was intentionally misleading and fails to fully capture the severity of the attack.

The anonymous employee spoke to Krebs on Security after first reporting his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. The source spoke on condition of anonymity for fear of retribution by Ubiquiti, according to Krebs on Security.

Hackers Access Amazon Web Services, Demand Bitcoin Ransom

The source alleges that hackers obtained full read/write access to Ubiquiti’s databases at Amazon Web Services (AWS). After the company’s security team identified one backdoor the intruders were using, the hackers responded by demanding a ransom of 50 bitcoin ($2.8 million) or they would publicly disclose the breach. Ubiquiti, which also markets enterprise access control solutions and video surveillance hardware, did not respond.

The hackers also provided proof they had pilfered Ubiquiti’s source code, and threatened to disclose the location of a second backdoor if their ransom demand was not met. The company elected not to engage the attackers, according to the source. The second backdoor was eventually detected and Ubiquiti began the process of securing employee credentials.

The company asked customers to change their passwords in the January 11 email. However, the whistleblower said Ubiquiti “should have immediately invalidated all of its customer’s credentials and forced a reset on all accounts, mainly because the intruders already had credentials needed to remotely access customer IoT systems.”

The whistleblower says the company’s claim that it had no proof of customer data exposure was highly misleading. Ubiquiti doesn’t keep data logs, so it could not know one way or the other what hackers had accessed.

Following the Krebs on Security report, Ubiquiti released a second statement that didn’t deny the whistleblower’s claims and appeared to backtrack on its initial blaming of a third party.

“At this point, we have well-developed evidence that the perpetrator is an individual with intricate knowledge of our cloud infrastructure,” the statement says. “As we are cooperating with law enforcement in an ongoing investigation, we cannot comment further.”


This article originally appeared on our sister publication Security Sales & Integration’s website.

ABOUT THE AUTHOR

Rodney Bosch:
Although Bosch’s name is quite familiar to those in the security industry, his previous experience has been in daily newspaper journalism. Rodney Bosch is an editor for CE Pro sister publication Security Sales & Integration. Bosch is a graduate of California State University, Fresno with a degree in Mass Communication & Journalism. In 2007, he successfully completed the National Burglar and Fire Alarm Association’s National Training School coursework to become a Certified Level I Alarm Technician.
