Networking equipment and IoT device vendor Ubiquiti Networks has sent out following notification emails to its customers informing them of a recent security breach. 

“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” 

The system in question stores the user profile for ui.com containing names, email addresses, and salted and hashed passwords. 

Experts Comments

January 12, 2021
Brad Keller
JD, CTPRP, CTPRA, Chief Strategy Officer
Shared Assessments

While it is difficult based on what has been released to determine what might be the root cause of the unauthorized access, there is one statement that can be made at this time. Outsourcers must ensure that their vendors are properly assessing and managing their own service providers. This appears to be a classic example of a “4th party vendor” being the source of the problem. Whether the unauthorized access stems from the failure of the un-named cloud provider to have proper security

.....Read More

While it is difficult based on what has been released to determine what might be the root cause of the unauthorized access, there is one statement that can be made at this time. Outsourcers must ensure that their vendors are properly assessing and managing their own service providers. This appears to be a classic example of a “4th party vendor” being the source of the problem. Whether the unauthorized access stems from the failure of the un-named cloud provider to have proper security controls in place or that Ubiquiti failed to properly manage their cloud accounts is yet to be determined.  But the need to assess vendors’ ability to manage their outsourced risk is a certainty.

  Read Less
January 12, 2021
Jake Moore
Cybersecurity Specialist
ESET

As breaches go, this is not as damaging as it could be, but this is yet another blow for cybersecurity, as this is a company which prides itself on security. On the other hand, this does also shine a light on how sophisticated some threat actors are becoming and how every company, whatever size, needs to constantly review its security.

 

Changing passwords really doesn’t have to be a difficult task, especially if a password manager is involved. Multi-factor authentication is vital in current

.....Read More

As breaches go, this is not as damaging as it could be, but this is yet another blow for cybersecurity, as this is a company which prides itself on security. On the other hand, this does also shine a light on how sophisticated some threat actors are becoming and how every company, whatever size, needs to constantly review its security.

 

Changing passwords really doesn’t have to be a difficult task, especially if a password manager is involved. Multi-factor authentication is vital in current times to give you not only that extra layer of security but also piece of mind due to these inevitable data breaches.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.