'No customer info accessed' in Ubiquiti breach
- 06 April, 2021 10:42
Ubiquiti Networks has claimed there is no evidence that hackers accessed customer information in its January security breach, despite the fact that it cannot track this, according to cyber security expert Brian Krebs.
In a statement dated 1 April, the networking equipment and internet of things (IoT) device vendor said that external incident response experts conducted an investigation on the matter and “identified no evidence that customer information was accessed, or even targeted”.
“The attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information,” Ubiquiti said.
“This, along with other evidence, is why we believe that customer data was not the target of, or otherwise accessed in connection with, the incident.”
The vendor also claimed that it has “well-developed evidence that the perpetrator is an individual with intricate knowledge of our cloud infrastructure”.
Among other claims, Krebs said the source wrote in a letter to the European Data Protection Supervisor that Ubiquiti had “negligent logging”, and therefore would not be able to prove or disprove what was accessed.
This lines up with KrebsOnSecurity’s reporting on the matter, with Krebs claiming in a follow-up report that the source said the claims about there being no evidence of accessed data stem from the fact that the company did not capture that evidence in the first place.
Previously, Krebs said the source claimed that Ubiquiti’s legal team overrode attempts to protect customers, that hackers had full read/write access to its databases at Amazon Web Services (AWS), and that they had attempted to ransom their silence about the breach for 50 bitcoin, or roughly US$2.8 million.
Even though the vendor claimed there was no evidence of any customer data being stolen, it did recommend that users change their passwords if they have not done so already, and encouraged them to enable two-factor authentication.