Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Ubiquiti Tells Users to Change Passwords After Breach at Cloud Provider

American technology company Ubiquiti this week revealed that one of its third-party cloud providers suffered a data breach.

American technology company Ubiquiti this week revealed that one of its third-party cloud providers suffered a data breach.

Founded in 2005, the New York City-based company manufactures wired and wireless data communication products for both corporate and home users, including routers, security cameras, network video recorders, and other Internet of Things devices.

“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account,” Ubiquiti said in a notification published on Monday.

An investigation into the incident hasn’t revealed evidence that the adversary managed to access databases that host user data. However, Ubiquiti says, it’s still possible that user data might have been exposed in the breach.

Such data, if exposed, may include names and email addresses, along with encrypted passwords to accounts (the company stores passwords hashed and salted), along with addresses and phone numbers.

Ubiquiti encourages users to change their passwords, as a precautionary measure.

“We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so,” the company says.

Related: UK Energy Startup ‘People’s Energy’ Discloses Data Breach

Related: Belden Discloses Data Breach Affecting Employee, Business Information

Related: Law Firm Says Google Employee Information Compromised in Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...