Ubiquiti breach puts countless cloud-based devices at risk of takeover

Report: Theft of crypto secrets could allow hackers to remotely log in to devices.



Network devices maker Ubiquiti has been covering up the severity of a data breach that puts customers’ hardware at risk of unauthorized access, KrebsOnSecurity has reported, citing an unnamed whistleblower inside the company.


In January, the maker of routers, Internet-connected cameras, and other networked devices, disclosed what it said was “unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.” The notice said that, while there was no evidence the intruders accessed user data, the company couldn’t rule out the possibility that they obtained users’ names, email addresses, cryptographically hashed passwords, addresses, and phone numbers. Ubiquiti recommended users change their passwords and enable two-factor authentication.


Read More...


Courtesy of Ars Technica

Article Author: Dan Goodin



This website uses cookies to ensure you get the best experience. Click here to learn more.