January 12, 2021

Ubiquiti tells customers to change passwords following data breach

By Ellen Daniel

Internet of things (IoT) vendor Ubiquiti is warning customers to change their passwords after data may have been exposed.

The company is a major networking equipment vendor, selling routers, webcams, mesh networks and smart home security devices.

In an email to customers, the company said that its systems, hosted by a third-party cloud provider, may have been accessed, with user profiles for Ubiquiti’s a web portal potentially affected.

The data “may” include names, email addresses, and one-way encrypted account passwords, meaning the passwords are hashed and salted, as well as the address and phone numbers of some customers.

Ubiquiti said that currently there is “no indication that there has been unauthorized activity with respect to any user’s account” and that there was no evidence that any databases that host user data had been accessed. However, the company said that it could not “be certain that user data has not been exposed”.

As a result, Ubiquiti is now asking customers to change their account password and enable two-factor authentication as a precaution. It also recommends that customers change any passwords for other accounts that may be the same as the one used for Ubiquiti.

The company said: “We apologise for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.”

Jake Moore, cybersecurity specialist at ESET, said:

“As breaches go, this is not as damaging as it could be, but this is yet another blow for cybersecurity, as this is a company which prides itself on security. On the other hand, this does also shine a light on how sophisticated some threat actors are becoming and how every company, whatever size, needs to constantly review its security.

“Changing passwords really doesn’t have to be a difficult task, especially if a password manager is involved. Multi-factor authentication is vital in current times to give you not only that extra layer of security but also piece of mind due to these inevitable data breaches.”

Read More: Ticketmaster fined $10m for hacking rival’s computer system