Ubiquity data breach

Has any one else seen this yet?

"We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.

We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.

As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.

We apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.

Thank you,
Ubiquiti Team"

Yes, it is the prior post to yours in this section of the forum.

1 Like

I bet that other companies use the same third party cloud provider that was breached.

Anymore information on the topic?
Did you guys disable remote access?

well look like it is worse than expected.


@Spectre - It is important to remember: A cloud provider is responsible for the security of the infrastrcture, etc. they are providing. The user is responsible for the correct configuration and controls of the solution. Basically, the cloud provider is responsible for the security of the cloud, the user is responsible for security in the cloud. Cloud Security is a Shared Responsibility.

The issue was not with AWS. It lies with Ubiquiti.


And people wonder why I so often rant against cloud-managed infrastructure.


Manage your own stuff and stop giving so much trust to third parties!!!