[BreachExchange] Ubiquiti tells customers to change passwords after security breach

Destry Winant destry at riskbasedsecurity.com
Tue Jan 12 10:33:07 EST 2021


https://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/

Networking equipment and IoT device vendor Ubiquiti Networks sent
notification emails to its customers today, informing them of a
recent security breach.

"We recently became aware of unauthorized access to certain of our
information technology systems hosted by a third party cloud
provider," Ubiquiti said in emails today.

The servers stored information pertaining to user profiles for
account.ui.com, a web portal that Ubiquiti makes available to
customers who bought one of its products.

The site is used to manage devices from a remote location and as a
help and support portal.

According to Ubiquiti, the intruder accessed servers that stored data
on UI.com users, such as names, email addresses, and salted and hashed
passwords.

Home addresses and phone numbers may have also been exposed, but only
if users decided to configure this information into the portal.

How many Ubiquiti users are impacted and how the data breach occurred
remain a mystery.

It is currently unclear if the "unauthorized access" took place when a
security researcher found the exposed data or was due to a malicious
threat actor.

A Ubiquiti spokesperson did not immediately return a request for
comment sent before this article's publication.

Despite the bad news for its customers, Ubiquiti said that it had not
seen any unauthorized access to customer accounts as a result of this
incident.

The company is now asking all users who receive the email to change
their account passwords and turn on two-factor authentication.

While some users initially regarded the emails as a phishing
attempt, a Ubiquiti tech support staffer confirmed on the company's
forums that they were authentic.

A full copy of the email is available below, as shared today on social media.

