Networking device manufacturer Ubiquiti has started emailing clients to warn them of a security incident that may have exposed customer data. Ubiquiti is a popular device manufacturer and is best known for its UniFi line of network products and a cloud management platform. The company began emailing customers to change their login credentials and enable two-factor-authentication (2FA) after an attacker gained access to their systems hosted by a third-party cloud provider. The email to their customers stated, “We recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.” The company states that they are not aware of any maliciously accessed customer database but cannot rule out the possibility. All Ubiquiti UniFi device owners are required to create cloud accounts to be able to manage their devices instead of being able to manage their devices locally. The UniFi cloud services suffered an outage this weekend but it is unknown if the outage and the security incident are related.
Analyst Notes
All UniFi cloud service users are highly recommended to change their login credentials and to use 2FA whenever possible. Companies that use third-party services should, as part of their security profile, perform routine security audits of their internal systems and their third-party vendors. It is important to enable sufficient event logging to be able to investigate any security event to determine with confidence whether attackers accessed sensitive data or not. It is even more important to have 24/7 monitoring of security events to enable quick response and remove intruders from the environment before they have time to steal data or cause damage.
Source Article: https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
