Ubiquiti iniquity: Wi-Fi box slinger warns hackers may have peeked at customers' personal information

2021-01-12 02:42

Networking vendor Ubiquiti has written to its customers to advise them of a possible leak of their personal information.

"We recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider," the email opens, before adding: "We have no indication that there has been unauthorized activity with respect to any user's account."

Seen by The Reg and sent out within the past few hours, also says Ubiquiti "Cannot be certain that user data has not been exposed," and admits that if the unauthorized actors did get in, they'll have been able to access users' "Name, email address, and the one-way encrypted password to your account."

Customers who stored their physical address and phone number in their account were advised that data may also have been accessed.

It may be an indication Ubiquiti is not very good at securing its cloud resources.

After users expressed their displeasure with that arrangement, Ubiquiti promised to offer an opt-out for all data collection, but then released firmware that collected data anyway, while offering some exclusions if users edited a config file.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/12/ubiquiti_data_leak/

#hacker #wifi