Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Ubiquiti Shares Dive After Reportedly Downplaying ‘Catastrophic’ Data Breach

Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed.

Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed.

Ubiquiti informed customers in January that it had detected unauthorized access to some IT systems hosted by an unnamed third-party cloud provider. The company said at the time that it had found no evidence user data was compromised, but it could not rule it out so it instructed customers to change their passwords.

Cybersecurity blogger Brian Krebs reported on Tuesday, March 30, that he learned from someone involved in the response to the breach that Ubiquiti “massively downplayed” an incident that was actually “catastrophic,” in an effort to minimize impact on its value on the stock market.

According to Krebs’ source, the attacker gained access to Ubiquiti’s AWS servers and then attempted to extort 50 bitcoin (worth nearly $3 million) from the company to keep quiet about the hack.

The attacker obtained privileged credentials from an Ubiquiti employee’s LastPass account and “gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies,” according to the source. The hacker allegedly could have remotely authenticated to Ubiquiti cloud-based devices.

According to Krebs, Ubiquiti discovered the breach in late December 2020 and later removed a couple of backdoors planted by the attacker — the firm reportedly did not engage with them. The company then started changing employee credentials, and on January 11 it informed customers about an incident and instructed them to change their passwords.

Following Krebs’ report, Ubiquiti issued a statement on Wednesday to provide more information, but noted that it cannot comment further due to an ongoing law enforcement investigation.

“In response to this incident, we leveraged external incident response experts to conduct a thorough investigation to ensure the attacker was locked out of our systems,” the company stated. “These experts identified no evidence that customer information was accessed, or even targeted. The attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information. This, along with other evidence, is why we believe that customer data was not the target of, or otherwise accessed in connection with, the incident.”

Krebs’ source, however, claimed that Ubiquiti couldn’t have found any evidence of access to customer data because it didn’t actually have any access logs that it could check.

When Ubiquiti disclosed the security incident in January, it only had a small impact on its stock and the value of its shares has increased significantly since, from roughly $250 per share on January 12 to $350 per share on March 30.

Now, following news that the breach may have been bigger than the company led customers and investors to believe, Ubiquiti shares are down to $290 at the time of publishing.

At least two law firms are investigating whether Ubiquiti violated federal securities laws and are urging the company’s investors to contact them.

Related: Class Action Lawsuit Filed Against Marriott Over New Data Breach

Related: Massachusetts, Indiana Settle With Equifax Over 2017 Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.