Networking equipment and IoT device vendor Ubiquiti Networks has sent out following notification emails to its customers informing them of a recent security breach.
“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,”
The system in question stores the user profile for ui.com containing names, email addresses, and salted and hashed passwords.
Experts Comments
As breaches go, this is not as damaging as it could be, but this is yet another blow for cybersecurity, as this is a company which prides itself on security. On the other hand, this does also shine a light on how sophisticated some threat actors are becoming and how every company, whatever size, needs to constantly review its security.
Changing passwords really doesn’t have to be a difficult task, especially if a password manager is involved. Multi-factor authentication is vital in current
.....Read MoreDot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
While it is difficult based on what has been released to determine what might be the root cause of the unauthorized access, there is one statement that can be made at this time. Outsourcers must ensure that their vendors are properly assessing and managing their own service providers. This appears to be a classic example of a “4th party vendor” being the source of the problem. Whether the unauthorized access stems from the failure of the un-named cloud provider to have proper security
.....Read MoreWhile it is difficult based on what has been released to determine what might be the root cause of the unauthorized access, there is one statement that can be made at this time. Outsourcers must ensure that their vendors are properly assessing and managing their own service providers. This appears to be a classic example of a “4th party vendor” being the source of the problem. Whether the unauthorized access stems from the failure of the un-named cloud provider to have proper security controls in place or that Ubiquiti failed to properly manage their cloud accounts is yet to be determined. But the need to assess vendors’ ability to manage their outsourced risk is a certainty.
Read LessLinkedin Message
@Brad Keller, JD, CTPRP, CTPRA, Chief Strategy Officer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Outsourcers must ensure that their vendors are properly assessing and managing their own service providers...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/what-expert-says-on-iot-vendor-ubiquiti-recent-breach
Facebook Message
@Brad Keller, JD, CTPRP, CTPRA, Chief Strategy Officer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Outsourcers must ensure that their vendors are properly assessing and managing their own service providers...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/what-expert-says-on-iot-vendor-ubiquiti-recent-breach