Security News > 2021 > March > Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] - a major vendor of cloud-enabled Internet of Things devices such as routers, network video recorders and security cameras - disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a "Catastrophic" incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.

A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti's whistleblower hotline and with European data protection authorities.

According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services, which was the alleged "Third party" involved in the breach.

Ubiquiti's breach disclosure, he wrote, was "Downplayed and purposefully written to imply that a 3rd party cloud vendor was at risk and that Ubiquiti was merely a casualty of that, instead of the target of the attack."

Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on cookies.

News URL

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/