
Ubiquiti users told to change their passwords following security breach

Graham CLULEY

January 12, 2021

  • Breach occurred at third-party cloud provider used by IoT device manufacturer
  • Email addresses, names, and hashed and salted passwords exposed

IoT device vendor Ubiquiti has told customers that they should change their passwords after a security breach left user details exposed.

In an email sent to users, router and access point manufacturer Ubiquiti explained that it had recently become aware of a breach at a “third party cloud provider” used by the firm to host some of its infrastructure.

Data that may have been accessed includes:

  • Customers’ email addresses
  • Customers’ names
  • Customers’ hashed and salted passwords
  • Customers’ addresses and phone numbers (where provided)

What isn’t made clear in the email advisory is whether the exposed data was stumbled across by a security researcher who then informed Ubiquiti, or whether it was accessed by someone with malice in mind.

If malicious hackers were able to use the information to access the profiles of Ubiquiti customers, they would be able to change the settings of the customers’ IoT devices remotely, as well as access the support portal. And if a hacker were not able to determine account passwords from the breached data, they would still have been able to use the leaked contact details to target Ubiquiti customers with scams and phishing attacks.

Ubiquiti says that it has not seen any evidence of unauthorised account access as a result of the incident.

However, the company advises that, as a precaution, customers should change their account passwords, and ensure that the same password is not being used anywhere else on the internet.

Far too many people still use the same password in multiple places online, making it easier for hackers to leverage one breach to break into accounts elsewhere on the net.

In addition, Ubiquiti recommends that customers enable two-factor authentication (2FA) for an additional layer of protection.

Ideally, Ubiquiti might have done well to reconsider how it chose to communicate the breach to its customers.

In the advisory it has sent to customers, Ubiquiti encourages them to click on buttons within the email to change their passwords and enable 2FA, rather than recommending they visit the account.ui.com website. This is a technique often used in phishing emails to trick unsuspecting users into entering their login credentials on bogus lookalike websites.

Under the circumstances, Ubiquiti might have done well to make its announcement a little less phishy-looking, and reduce the concern of its users.
