Security News > 2021 > April > Ubiquiti confirms extortion attempt following security breach

Ubiquiti confirms extortion attempt following security breach
2021-04-01 13:31

Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week.

Ubiquiti added that incident response experts hired to investigate the breach didn't find evidence of customer information being targeted during the breach.

Ubiquiti told customers after the January security incident that the attacker compromised systems hosted at a third-party cloud provider with no indication that users' accounts were affected in any way.

Ubiquiti allegedly discovered the incident in December 2020 after the hacker already gained admin level to the company AWS accounts and databases stored on AWS. After removing a backdoor used by the attacker in January, the hacker tried to extort the networking device vendor asking for 50 bitcoins not to reveal the breach, saying that he already stole Ubiquiti source code.

As it stands, from all the info surrounding the breach exposed by the whistleblower, Ubiquiti has only confirmed the hacker's extortion attempt.

Ubiquiti shares have fallen from $349 on March 30 to $290 on April 1, after the whistleblower accused the company of downplaying the breach.


News URL

https://www.bleepingcomputer.com/news/security/ubiquiti-confirms-extortion-attempt-following-security-breach/