Security News > 2021 > April > Ubiquiti cyberattack may be far worse than originally disclosed
The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks.
Despite any evidence of access to any databases with user info, Ubiquiti could not guarantee that user details had not been exposed.
According to someone involved in the breach response that spoke to Brian Krebs under the condition of anonymity, Ubiquiti greatly downplayed the intrusion to protect its stock price.
Ubiquiti noticed in late December multiple Linux virtual machines that the intruder had set up.
According to Krebs' source, Ubiquiti did not have access logging for databases, meaning that it could not check what the hacker accessed.
Supposedly, the intruder targeted the credentials to the databases and "Created Linux instances with networking connectivity to said databases," so it is possible that they could access customer systems remotely when Ubiquiti sent out the data breach notification.