Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Ubiquiti Shares Dive After Reportedly Downplaying ‘Catastrophic’ Data Breach

Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed.

Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed.

Ubiquiti informed customers in January that it had detected unauthorized access to some IT systems hosted by an unnamed third-party cloud provider. The company said at the time that it had found no evidence user data was compromised, but it could not rule it out so it instructed customers to change their passwords.

Cybersecurity blogger Brian Krebs reported on Tuesday, March 30, that he learned from someone involved in the response to the breach that Ubiquiti “massively downplayed” an incident that was actually “catastrophic,” in an effort to minimize impact on its value on the stock market.

According to Krebs’ source, the attacker gained access to Ubiquiti’s AWS servers and then attempted to extort 50 bitcoin (worth nearly $3 million) from the company to keep quiet about the hack.

The attacker obtained privileged credentials from an Ubiquiti employee’s LastPass account and “gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies,” according to the source. The hacker allegedly could have remotely authenticated to Ubiquiti cloud-based devices.

According to Krebs, Ubiquiti discovered the breach in late December 2020 and later removed a couple of backdoors planted by the attacker — the firm reportedly did not engage with them. The company then started changing employee credentials, and on January 11 it informed customers about an incident and instructed them to change their passwords.

Following Krebs’ report, Ubiquiti issued a statement on Wednesday to provide more information, but noted that it cannot comment further due to an ongoing law enforcement investigation.

“In response to this incident, we leveraged external incident response experts to conduct a thorough investigation to ensure the attacker was locked out of our systems,” the company stated. “These experts identified no evidence that customer information was accessed, or even targeted. The attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information. This, along with other evidence, is why we believe that customer data was not the target of, or otherwise accessed in connection with, the incident.”

Advertisement. Scroll to continue reading.

Krebs’ source, however, claimed that Ubiquiti couldn’t have found any evidence of access to customer data because it didn’t actually have any access logs that it could check.

When Ubiquiti disclosed the security incident in January, it only had a small impact on its stock and the value of its shares has increased significantly since, from roughly $250 per share on January 12 to $350 per share on March 30.

Now, following news that the breach may have been bigger than the company led customers and investors to believe, Ubiquiti shares are down to $290 at the time of publishing.

At least two law firms are investigating whether Ubiquiti violated federal securities laws and are urging the company’s investors to contact them.

Related: Class Action Lawsuit Filed Against Marriott Over New Data Breach

Related: Massachusetts, Indiana Settle With Equifax Over 2017 Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...