Menu
'No customer info accessed' in Ubiquiti breach

'No customer info accessed' in Ubiquiti breach

Follows claims by a source to KrebsonSecurity that the vendor had “negligent logging”.

Credit: Dreamstime

Ubiquiti Networks has claimed its January security breach saw no evidence of hackers accessing customer information despite the fact it cannot track this, according to cyber security expert Brian Krebs.

In a statement dated 1 April, the networking equipment and internet of things (IoT) device vendor said that external incident response experts conducted an investigation on the matter and “identified no evidence that customer information was accessed, or even targeted”. 

“The attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information," Ubiquiti said.  

“This, along with other evidence, is why we believe that customer data was not the target of, or otherwise accessed in connection with, the incident.” 

Additionally, the vendor also claimed that it has “well-developed evidence that the perpetrator is an individual with intricate knowledge of our cloud infrastructure”. 

This reporting follows claims by an anonymous security professional to Kreb’s website, KrebsOnSecurity, that its January breach was “catastrophically worse than reported”. 

Among other claims, Krebs said the source wrote in a letter to the European Data Protection Supervisor that Ubiquiti had “negligent logging”, and therefore would not be able to prove or disprove what was accessed. 

This lines up with KrebsonSecurity’s reporting on the matter, with Krebs claiming in a follow up report that the source said that the claims about there being no evidence of accessed data stems from the fact that it did not capture that evidence in the first place. 

Previously, Krebs said the source claimed that Ubiquiti’s legal team overrode attempts to protect customers, that hackers had full read/writer access to its databases at Amazon Web Services (AWS) and had attempted to hold their silence about the breach at a ransom of 50 bitcoin, or roughly US$2.8 million. 

Even though the vendor claimed there was no evidence of any customer data being stolen, it did recommend that users change their passwords if they have not done already, as well as encouraging users to enable two-factor authentication.


Tags Brian KrebsUbiquiti NetworksKrebsOnSecurity

Events

Why experience is the new battleground for partners

Join Channel Asia for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Show Comments