If you have a network either at home or at your office, it’s quite likely that you’ve got a few pieces of Ubiquiti equipment somewhere in the mix. Ubiquiti is a major player in the network device market, best known for its UniFi line of networking products, paired with a cloud-based management platform.
Unfortunately, its success in the market has also made it a tempting target for hackers.
Recently, the company has begun notifying customers of a data breach and sending out instructions to change passwords on the Ubiquiti system and enable 2-factor authentication in order to provide an added layer of security.
The notification they emailed out to their customers reads in part as follows:
“We recently became aware of unauthorized access to our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.
We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.”
The matter is still under investigation, and new findings may change the evolving situation. However, as outlined above, there doesn’t appear to be any risk to proprietary customer data, which is a very good thing. The instructions regarding changing passwords and enabling 2FA were sent with the notification “out of an abundance of caution.”
This is a good, proactive response, and one other businesses around the world should seek to emulate if or when they fall victim to some kind of hacking attack that sees their network breached. While we’re sorry to see any hacking effort succeed, kudos to Ubiquiti for their response to this point.