Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges

2021-04-01 04:58

Wi-Fi kit-slinger Ubiquiti has suggested the attacker that accessed some of its cloud-hosted systems in January 2021 may have made off with source code and employee logins, not the customer data it initially warned could be in peril.

Ubiquiti has not said when the external experts decided customer data was untouched.

The update on Wednesday was published two days after Krebs On Security reported that it has seen a letter from a whistleblower to the European Data Protection Supervisor that alleges Ubiquiti has not told the whole truth about the incident.

The whistleblower separately claimed that whoever was able to break into Ubiquiti's Amazon-hosted servers, they could have swiped cryptographic secrets for customers' single sign-on cookies and remote device access, internal source code, and signing keys - far more than the Wi-Fi box maker disclosed in January.

If Ubiquiti staff credentials were obtained, as even Ubiquiti itself now suggests, the attackers could have comfortably gained "Access to customers' devices deployed in corporations and homes around the world," as the whistleblower's letter put it.

To summarize: source code for Ubiquiti products and other internal info may have been exfiltrated, servers may have been rooted, and whoever's responsible may be a current or former employee of the company... yet other than with a few stray words, Ubiquiti has chosen to focus on a personal privacy issue it says is not actually a problem.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/04/01/ubiquiti_data_breach/

#cloud #leak #sourcecode #wifi