Networking equipment and IoT device vendor Ubiquiti Networks has sent out following notification emails to its customers informing them of a recent security breach.
“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,”
The system in question stores the user profile for ui.com containing names, email addresses, and salted and hashed passwords.
<p>As breaches go, this is not as damaging as it could be, but this is yet another blow for cybersecurity, as this is a company which prides itself on security. On the other hand, this does also shine a light on how sophisticated some threat actors are becoming and how every company, whatever size, needs to constantly review its security.</p> <p> </p> <p>Changing passwords really doesn’t have to be a difficult task, especially if a password manager is involved. Multi-factor authentication is vital in current times to give you not only that extra layer of security but also piece of mind due to these inevitable data breaches.</p>
<p>While it is difficult based on what has been released to determine what might be the root cause of the unauthorized access, there is one statement that can be made at this time. Outsourcers must ensure that their vendors are properly assessing and managing their own service providers. This appears to be a classic example of a “4<sup>th</sup> party vendor” being the source of the problem. Whether the unauthorized access stems from the failure of the un-named cloud provider to have proper security controls in place or that Ubiquiti failed to properly manage their cloud accounts is yet to be determined. But the need to assess vendors’ ability to manage <strong>their</strong> outsourced risk is a certainty.</p>