
Ubiquiti users told to change their passwords following security breach

Graham CLULEY

January 12, 2021

  • Breach occurred at third-party cloud provider used by IoT device manufacturer
  • Email addresses, names, and hashed and salted passwords exposed

IoT device vendor Ubiquiti has told customers that they should change their passwords after a security breach left user details exposed.

In an email sent to users, router and access point manufacturer Ubiquiti explained that it had recently become aware of a breach at a “third party cloud provider” used by the firm to host some of its infrastructure.

Data that may have been accessed includes:

  • Customers’ email addresses
  • Customers’ names
  • Customers’ hashed and salted passwords
  • Customers’ addresses and phone numbers (where provided)

What isn’t made clear in the email advisory is whether the exposed data was stumbled across by a security researcher who then informed Ubiquiti, or whether it was accessed by someone with malice in mind.

If malicious hackers were able to use the information to access the profiles of Ubiquiti customers, they would be able to change the settings of the customers’ IoT devices remotely, as well as access the support portal. And even if a hacker were not able to determine account passwords from the breached data, they would still have been able to use the leaked contact details to target Ubiquiti customers with scams and phishing attacks.

Ubiquiti says that it has not seen any evidence of unauthorised account access as a result of the incident.

However, the company advises that, as a precaution, customers should change their account passwords, and ensure that the same password is not being used anywhere else on the internet.

Far too many people still use the same password in multiple places online, making it easier for hackers to leverage one breach to break into accounts elsewhere on the net.

In addition, Ubiquiti recommends that customers enable two-factor authentication (2FA) for an additional layer of protection.

Ideally, Ubiquiti might have done well to reconsider how it chose to communicate the breach to its customers.

In the advisory it has sent to customers, Ubiquiti encourages them to click on buttons within the email to change their passwords and enable 2FA, rather than recommending that they visit the account.ui.com website. This is a technique often used in phishing emails to trick unsuspecting users into entering their login credentials on bogus lookalike websites.

Under the circumstances, Ubiquiti might have done well to make its announcement a little less phishy-looking, and reduce the concern of its users.
