Ubiquiti is one of the leading vendors of Internet of Things (IoT) devices on the cloud. Unfortunately, Ubiquiti was the victim of a data breach that exposed confidential information from customer accounts. A whistleblower within the company accuses Ubiquiti of massively downplaying the incident to reduce the hit to their stock price.
According to the source, hackers gained full-read/write access to Ubiquiti's Amazon Web Services (AWS) database. Ubiquiti announced on January 11th that it became aware of unauthorized access to data hosted on a third-party cloud provider. However, the attackers actually gained admin access to Ubiquiti's servers on AWS.
The hackers had access to user credentials to gain access to all of the Ubiquiti AWS accounts, such as all application logs, user database credentials, and other secrets necessary to forge single sign-on cookies. All of this data makes it possible for these intruders to easily verify Ubiquiti cloud-based devices across the entire world.
Ubiquiti's IT security team in December 2020 identified a backdoor that the hackers left in the system. These cybercriminals sent a message demanding 50 bitcoin in exchange for staying silent about the breach, which is worth around $2.8 million. The intruders also displayed proof that they stole their source code and promised to reveal the location of another backdoor if the ransom wasn't paid.
Ubiquiti never engaged with the hackers, as the incident response team eventually found the other backdoor. The organization also alerted customers on the importance of resetting their passwords. However, the whistleblower believes that the company should have invalidated all of its client credentials because the hackers already had access to their customer's IoT systems.
The stock price for Ubiquiti continued to rapidly grow since the initial disclosure of the data breach on January 16th. Despite a brief dip in price following the news, the stock shares for Ubiquiti have significantly grown from $243 in mid-January to $370 at the end of March. However, the stock price of Ubiquiti is around $289 since the disclosure of the true severity of the data breach.
A lack of access logging on the database made it impossible to verify if the intruders accessed any accounts. However, it's important to change the passwords on these devices. For additional security, it's a good idea to delete any existing profiles associated with these devices and download the most recent firmware update. Disabling remote access on these devices is also important due to this IT breach. Give Network Access a call to protect your organization from breaches and having your employees confidential information exposed.