American networking tech vendor Ubiquiti is asking customers to change their password because of unauthorized access to some of its information technology systems hosted by a third-party cloud provider.
The company did not specify the cloud provider that hosts its databases, nor how the attackers managed to gain access to them.
The scope of the Ubiquiti data breach
“We cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us,” the company explained in an online alert and notification sent directly to users.
Ubiquiti made sure to point out that they “have no indication that there has been unauthorized activity with respect to any user’s account,” but nevertheless encouraged all users to change their password and enable two-factor authentication on their Ubiquiti accounts, and to change their password on any website where they use the same user ID or password.
It’s still unknown whether the possible Ubiquiti data breach is related to the outage of the UniFi cloud management platform experienced on Sunday (as documented on the company’s System Status page).
The page also documented a surge of users resetting their passwords that caused a delay in password reset emails being delivered.
How to change the password and enable 2FA?
Despite many customers being unhappy with the fact that they are required to create an account through the company’s cloud service to activate Ubiquiti devices, their popularity is unquestionable: Ubiquiti claims that nearly 85 million of its devices “play a key role in creating networking infrastructure in over 200 countries and territories around the world.”
The email alerts sent by the company contain direct links to the web portal (located at account.ui.com), but some users were understandably worried that the email may be a phishing attempt.
Though the legitimacy of the emails has been confirmed by Ubiquiti, it’s a good practice to avoid clicking on links in unsolicited emails.
To change their passwords, customers should visit the web portal independently, log in, go to Settings and select the Security tab. There, they can change their password, set a session timeout value, and enable 2FA.
Customers who have forgotten their password or aren’t sure whether they’ve set up an account in the first place can use the “Forgot password?” option, enter their email address and wait for the password reset email.