Security News > 2021 > April > Ubiquiti Shares Dive After Reportedly Downplaying 'Catastrophic' Data Breach

Shares of New York City-based IoT device maker Ubiquiti fell significantly this week following a report claiming that the recently disclosed data breach was "Catastrophic" and that its impact was downplayed.

Cybersecurity blogger Brian Krebs reported on Tuesday, March 30, that he learned from someone involved in the response to the breach that Ubiquiti "Massively downplayed" an incident that was actually "Catastrophic," in an effort to minimize impact on its value on the stock market.

The attacker obtained privileged credentials from an Ubiquiti employee's LastPass account and "Gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on cookies," according to the source.

According to Krebs, Ubiquiti discovered the breach in late December 2020 and later removed a couple of backdoors planted by the attacker - the firm reportedly did not engage with them.

Krebs' source claimed that Ubiquiti couldn't have found any evidence of access to customer data because it didn't actually have any access logs that it could check.

Now, following news that the breach may have been bigger than the company led customers and investors to believe, Ubiquiti shares are down to $290 at the time of publishing.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/6Fh-JNeuyDc/ubiquiti-shares-dive-following-report-it-downplayed-data-breach